Manage The Risks Of Innovative Initiatives With Three Lines of Defense

James Chiu

In Protiviti’s 2018 Finance Trends Survey of almost 400 CFOs, vice presidents of finance, chief accounting officers, and other finance leaders, respondents were asked to rate 16 different areas for the finance function to improve performance over the next 12 months.  The top five priorities are:

    1. Security and privacy of data in finance applications
    2. Enhanced data analytics
    3. Process improvement: process and data analytics
    4. Changing demands and expectations of internal customers
    5. Challenges with regulations

According to the study, “security and privacy of data in finance applications is a high priority for 75% of CFOs/finance VPs. It is highest among organizations with [US]$10 billion to $19 billion in revenue (84%).”

These priorities align with risks highlighted in the 2018 Risk in Review Study by PwC, which surveyed over 1,500 risk executives. Based on the survey results, PwC’s study found: “Cybersecurity or privacy threats are seen as the risk category expected to rise the most … From introducing new products to entering new markets, to forming alliances, to creating new distribution models, cybersecurity or privacy is of greatest concern. As businesses operate in an increasingly digital world, technology underlies many innovative activities and, by extension, opens the door to greater cyber (or privacy) risk.”

The PwC survey found that organizations with programs that manage innovation-related risks effectively are “2-3x more likely to express confidence in their program’s ability to manage risk from high-impact technologies like AI and IoT, and 3x more likely to see future revenue growth than their less-innovative, less-effective peers.”

It’s clear that as organizations innovate to grow revenue and capture great opportunity, CFOs and other executive management increasingly expect enterprise GRC programs to engage in strategic initiatives.

Solutions for three lines of defense

Solutions supporting three lines of defense can help organizations manage high-risk velocity events, the complexity of regulatory requirements, and the need for protecting sensitive information and infrastructure. They can:

  • Link business strategy objectives to risk appetites and business risks in operational, financial, human capital, technology, compliance, and other categories. These risks are managed throughout the three lines of defense in business operations and entity-level risk and compliance activities and are leveraged by the third line of defense for independent assurance. This means risk managers can be engaged in the lifecycles of risks and respond to them in the earliest stages possible.
  • Power key risk indicators and other monitoring capabilities to help ensure that risk appetite and tolerance are adjusted to support an agile risk-management framework.
  • Document data-processing activities, monitor data processing, and confirm compliance with reporting.

In summary, these solutions can help organizations focus on what’s most important: integrating with critical business systems, monitoring risks and controls continuously, and driving business innovation.

Learn more

  • Have you implemented the three lines of defense in your organization? Read our other blogs on the subject for more information and visit our product pages for details.
  • Please visit us at SAPinsider GRC2019 in Las Vegas, March 19-21, and meet the SAP GRC solutions team. Register by January 4 for early-bird discounts.

This article originally appeared on the SAP Analytics blog and is republished by permission.


About James Chiu

James Chiu is director, Solution Management, Governance, Risk, and Compliance, for SAP.