A recent report from the Economist, sponsored by SAP, lays out the case for holistic enterprise risk management and why it’s a vital necessity for modern business. As you prepare your organization to implement this holistic approach to governance, risk and compliance (GRC), the report’s insights into best practices can aid the process.
Breaking silos to enable collaboration
One of the biggest takeaways of the Economist report is the need for your organization to figure out how to do away with fragmented risk management silos and enable genuine collaboration. The report profiles logistics powerhouse UPS and the efforts of its VP of corporate internal audits, Mohammed Azam, to find a way to bring together every group under his purview to address risk management. In his case, Azam chose to set up an enterprise risk council, bypassing the normal gatekeeper avenues for communication by holding regular meetings with representatives from 25 different areas of UPS’s operations.
Steps like this go a long way toward combating the “same goal, different page” phenomenon that so often plagues the adoption of a holistic approach to risk management. That phenomenon leads to situations like nearly 70 percent of technology executives reporting that their organization doesn’t view IT security as a strategic priority. The root of that problem is poor communication, so it’s vital that you find a way to make sure everybody in your organization is reading from the same page.
Maximizing vigilance through organizational unity
A unified approach to risk management also helps you adopt the “beneficial paranoia” that’s vital to survival in today’s ultra-competitive global marketplace. Steve Lucas described this practice at a recent SAPinsider conference, using the animal world to contrast “head-in-the-sand” ostrich organizations and “follow the leader” fish with a more successful “lemur” approach.
In contrast to the other businesses, a “lemur” adopts a state of healthy strategic paranoia, always scanning the horizon for potential threats and sources of disruption. In this case, many eyes are better than one, and a unified approach ensures that you’ll hear the danger alarm as soon as it’s called, no matter where it originates within the organizational chart.
Understand risk in the context of organization’s strategy
Effective and holistic risk management also requires you to be able to prioritize risks within the context of your business strategy. This prioritization allows business leaders to make decisions more effectively, “At the end of the day, this is not about risk professionals, but about executive teams making sure that they understand risks,” says PwC’s Brian Schwartz, US performance leader for governance, risk and compliance. It requires robust follow-through, enabled by rigorous auditing procedures and C-suite oversight. You need to be able to assess how your risk management procedures are aligning with your strategic objectives, both to identify problems before they occur, and to ensure that your processes are as efficient as possible.
Tying this together, the Economist’s report lays out four key objectives for crafting your risk management framework:
- Implement proactive identification of risks
- Enable effective ownership of strategic priorities to boost monitoring and audit management
- Ensure senior management and corporate leadership is actively engaged in oversight of strategic risk management priorities
- Use standardized terminology and measurement processes for risk priorities
How technology can help
To meet these four objectives, you’ll need to adopt robust, highly capable technology tools that let you quickly adapt to changes in business, technology and regulations to strengthen your business and simplify your approach to GRC. With the right tools, you can make better decisions by visualizing your own data to predict how risks might impact your performance.
Adopting a unified technology platform lets you integrate key GRC activities into your existing processes to reduce complexity and boost your insight capabilities. To find out how technology can help you improve GRC to protect your company’s reputation and financial well being, visit SAP today.
Want more insight on the tools your organization will need to stay competitive in today’s global economy? See Building the Business Network of the Future.