SAP Risk Management - Mitigate Risk by Monitoring Supplier Health

Learn how SAP Risk Management, combined with SAP Process Control, can help you monitor any aspect of your organization to mitigate risk. See how you can set up a risk driver, propose a control in SAP Risk Management, and accept and further define a control in the SAP Process Control application.

  • http://sapvideo.edgesuite.net/vod/demos/sap-risk-management-mitigate-risk-by-monitoring-supplier-health-demo-us.mp4
  • 512
  • 288
    • SAP Risk Management Mitigate risk by monitoring supplier health
    • In this demonstration, you’ll see how the SAP Risk Management application lets you identify a new risk driver and propose a control, approve and define a control in SAP Process Control, and return to SAP Risk Management to review the risk assessment with the new control in place
    • Enabling you to monitor and maintain the health of any aspect of your organization.
    • Identify a new risk driver and propose a control
    • Nancy DaSilva, a procurement manager at a steel manufacturer, needs to monitor the viability of suppliers to help ensure the success of her company.
    • She logs into the risk management application and chooses the “Risk Assessment” tab.
    • She selects the risk, Failure of Key Supplier, to review it and update it.
    • Nancy can select it from the list of the risks in her scope.
    • She displays the risk in a bow-tie view presenting the context of the risk in terms of organization, process, and activities, as well as drivers, impacts, and risk responses.
    • The visual representation helps Nancy explain the risk situation at workshops to colleagues who are not risk experts.
    • Nancy chooses a risk driver from the list, drags into the chart at the right, and enters a description for it.
    • The new risk driver is the possibility that a merger or acquisition between the primary and back-up supplier may occur ‒ and this could trigger a risk event.
    • Nancy notes that even before adding the new risk driver, the probability of a key supplier failing was 35%.
    • Because adding a new risk driver raises the likelihood of risk, Nancy changes the probability of a risk occurring to 45%.
    • This changes the risk level to high and puts it in the red zone.
    • Going back to the chart, Nancy can see three impacts that can be assessed.
    • She can choose to assess them by qualitative or qualitative factors, scoring, or three-point analysis.
    • This risk is now unacceptable due to its high level, so Nancy decides to review the existing risk responses.
    • She sees that there are two responses linked to the risk “Failure of Key Supplier,” but neither one covers the new driver she just identified.
    • One response requires maintaining emergency stock levels and the other requires a supplier contract.
    • To promote a direct response to the new risk driver, Nancy proposes a control to detect when the independence of key suppliers may be impaired.
    • Nancy can designate this as a key control, and she can propose the creation of an automated, detective control for greater efficiency and reliability.
    • Approve and define a control
    • Nicole Lee is the compliance officer at the steel producer who manages controls to mitigate procurement risks.
    • She receives an e-mail alert that a new item has been assigned to her, so she logs into the process control software and receives the proposed control from Nancy automatically.
    • The new item has been added to her “Work Inbox” and she can review the details of the proposal and its objective by clicking on it.
    • Nicole decides to add the proposed control to an existing automated control, “Monitor Suppliers’ Records.”
    • She reviews the details of the proposed control, including the risk the control is intended to mitigate.
    • There already is a control covering these issues, so she decides to link the control proposal to this record, so she can reuse it and avoid creating another similar control.
    • Nicole sets up the control to identify suppliers with identical bank accounts.
    • Presumably, two companies with shared bank accounts are not independent, creating a situation that contributes to the risk event.
    • She notes that this is a detective control, and flags a defined condition before the risk event occurs.
    • Results from this control show one issue already that is classified as a “significant deficiency.”
    • Once the automated control is run, it is apparent that there are a number of suppliers flagged as having shared bank accounts.
    • Nicole will investigate each item to determine if it is a valid deficiency.
    • If nonconforming suppliers are identified, corrective action can be taken.
    • Review risk assessment
    • Nancy reviews the automated control that is now added to the bow-tie graphic in Risk Management
    • She can drill down to display the results and potential deficiencies identified if necessary.
    • Satisfied that the control is effective in offsetting the new risk driver and that noncompliance is monitored, Nancy reduces the probability of the impact occurring to 35%, reducing the risk to medium
    • Before logging off, Nancy displays a heat map of the residual level of all the risks in her scope and can see that none are in the critical zone.
    • As you have seen, SAP Risk Management lets you identify a new risk driver and propose a control, and together with SAP Process Control, approve and define a control, and review risk assessment.
  • Tweet this Share on Facebook Share on LinkedIn Youtube Instagram Email