Risk management: roadmap to 'maturity': there are several ways to implement a risk management solution. Here is what SAP itself did.

• Author: Kraus, Miriam
• Position: CORPORATE ACCOUNTABILITY AGENDA

As globalization and regulation intensify, many companies respond to these com plexities by implementing rigorous risk management processes. SAP, a global provider of enterprise management software, is no exception. SAP's initial risk management efforts were aimed at greater efficiency and regulatory compliance, but, as detailed here, SAP gravitated to an enterprise-wide risk man agement solution to take full advantage of its capabilities and increase organizational consistency.

Specifically, a broader risk management approach strengthened key businesses' processes, enhanced predict ability of SAP's operations, and supported the company's overall business strategy. Consequently, SAP's implementation approach can serve as a roadmap for other companies evaluating when and how to bolster their risk management capabilities.

SAP launched its initial risk management initiative in 2002 to ensure compliance with various regulatory mandates, as well as synthesize and analyze information related to internal financial processes and controls. As a company with worldwide operations, including emerging markets, SAP found itself in a position familiar to many companies: without an automated approach, the company was spending too much time and resources to identify and manage risks. To accommodate its global growth plans, contain costs, and ensure accuracy and reliability of data, SAP determined that an automated solution that integrated risk management information and activities across business processes was required.

There are several ways to implement a risk management solution. Many com panies employ a 'top-down' approach, using strategic goals as touchstones across all business units. While enter prise-wide risk management was its ultimate goal, SAP took a different path to risk management maturity.

To gain immediate value and return, SAP first focused on key operational processes and activities to drive out costs and increase efficiencies. A new internal system provided key process controls that enabled better mitigation of financial risks. Supported by the entire executive board and all senior SAP executives, global risk management standards were implemented in all lines of business for the identified risks.

After completing this initial phase of the risk management effort, SAP expanded its approach to implement risk management across the entire enterprise, which allowed it to integrate and align risk management across financial, operational, and...