RouteONE — Helping enhance the real value from SAP GRC Risk Management
2 | Maximising the real value of SAP GRC Risk Management through RouteONE
Contents
Business context: Governance, risk and compliance
Approach overview: SAP GRC Risk Management
Implementation: More than a technical solution
RouteONE: The faster, better, more affordable option
RouteONE: SAP GRC Risk Management
Want to learn more? Insights on governance, risk and compliance
Contacts
3RouteONE — Helping enhance the real value from SAP GRC Risk Management |
Governance, risk and complianceIn an age of growing regulation and organizational accountability, managing risk has become a major business challenge and is placing an ever-increasing demand on resources. During our recent Governance, Risk and Compliance (GRC) performance survey1 of companies that run SAP, 75% of respondents expressed a desire to improve the management of governance, risk and compliance across their business.
For most organizations, managing risk across the enterprise is a major challenge. Requirements are becoming increasingly complex and the need for complete visibility of risk is critical, yet very difficult to achieve. The typically fragmented approach to managing risk is no longer an acceptable option. Effective risk management is now a core expectation for organizations seeking growth. Through better automation, centralization and by turning data into actionable insights, businesses can transform risk management from an operational and financial burden into an enabler for success.
RouteONE for SAP GRC Risk Management
1. There’s no reward without risk: EY GRC Survey 2015, EY, 2015.
4 | RouteONE — Helping enhance the real value from SAP GRC Risk Management
RouteONE for SAP GRC Risk Management
SAP GRC Risk ManagementMany organizations seek a technology answer to their risk management challenges, such as SAP GRC Risk Management. Organizations may invest in SAP GRC Risk Management for a range of reasons however usually there is a common desire to use its implementation to help establish a formal enterprise risk management framework with greater automation and more effective tools for end users. The aim is that this will enable the organization to better assess threats and opportunities and gain greater insight to identify and manage risks on a sustainable basis.
Key features
• A holistic approach including risk planning, identification, analysis, response and monitoring
• Workflow functionality and notifications to help increase accountability for risk management tasks
• Offline work processes (Adobe interactive forms)
• Qualitative and quantitative risk analysis
• Near real-time risk monitoring through key risk indicators (KRIs)
• Out-of-the box executive reports
More than a technical solutionKey to making a GRC solution effective is to see it not only as a technical solution, but more as an enabler to creating a culture in which managing risk becomes second nature. All too often, technology is implemented and not enough focus is given to gaining the end users’ buy-in to a new, more effective and efficient way of working. This can result in the benefits not being fully realized and a missed opportunity where competitive advantage could have been gained.
Change management activities are often seen as less important than the technical solution, which is why they are sometimes reduced in scope. Whether it is down to budget limitations, underestimating the likely resistance to change or a belief that the transfer of knowledge ”just happens,” the communication activities carried out to support an implementation are typically not good enough to achieve adoption. However, by using leading edge implementation tools and methodologies designed to deliver faster and better outcomes, more attention can be paid to engaging end users in better risk-management practices. EY’s deployment methodology leverages the award-winning “Engaging Risk” concept, which has been developed to enhance user experience through analytical dashboards, mobile applications, social tools and interactive forms.
5RouteONE — Helping enhance the real value from SAP GRC Risk Management |
RouteONE for SAP GRC Risk Management
The faster, better, more affordable option RouteONE for SAP GRC Risk Management builds on a comprehensive yet simple methodology with advanced automation tools and an extensive library of pre-built content. We also take an iterative design approach, which helps end users to be a core part of the implementation.
With its visualization tools, RouteONE also helps your different stakeholders to clearly see a draft working version of the result right at the start of your project. We call this ”hindsight in advance” as it helps you to make changes to the design from initiation right through the final go-live, facilitating an approach that better meets your requirements. RouteONE helps remove many of the obstacles that typically prevent a smooth deployment. Instead of manually configuring your approach or forcing your organization to fit a standard template, RouteONE automates many elements of the deployment process using our advanced QuickBuilder and QuickLoader tool sets. QuickBuilder helps you to accelerate configuration, freeing up resources to focus on visualizing the outcome and making critical design decisions. QuickLoader helps rapidly deploy master data, which means more time can be spent on realizing benefits and knowledge transfer, rather than preparing your data for go-live.
If your organization has invested, or is looking to invest, in SAP GRC Risk Management, then using RouteONE could help you to save money and support you to focus more energy and resources on getting your business on board with a new way of working.
Innovative thinking for an advanced approachRouteONE was born out of a vision to rethink how SAP GRC gets implemented and used. Having delivered many such projects, we sensed there must be a way to leverage our experience and knowledge. From that came the inspiration for a transformational approach — a different way of helping users to really understand how to manage risk better within their business, with meaningful insights and relevant reporting. Key in this was the innovative approach to build a robot that can build a system reliably and quickly, accommodating specific user requirements. This robot — now called QuickBuilder — has been used to create customized SAP GRC systems for clients in a fraction of the time it can take, and to provide a transformational approach to how organizations implement and use SAP GRC.
6 | RouteONE — Helping enhance the real value from SAP GRC Risk Management
RouteONE for SAP GRC Risk Management
Key benefitsBetter:• A tailored approach aligning to your requirements to help
meet the specific needs of your organization
• Engaging risk competence, training and consumer-like interfaces to support end-user adoption and innovation
• Helps you achieve greater accuracy through automated data entry
Faster:• Rapid methodology, automation and pre-built content to
help achieve go-live quicker
• Potential for a fixed go-live date
More affordable:• Helps you to reduce project costs, with a focus on resultant
operations and usage
RouteONE for SAP GRC Risk Management
• RouteONE rapid implementation methodology
• Pre-built SAP GRC Risk Management content
• Engaging risk — embedding a business-wide approach to risk management
• Hindsight in advance — visualizing the end state during blueprint to help fine-tune the final work product
• QuickBuilder configuration
• QuickLoader automated deployment of master data, risk register and KRI library
• Supports compliance with Risk Management frameworks — Basel II and ISO 31000
Creating trust in the digital world: EY’s Global Information Security Survey 2015
ey.com/GISS
Want to learn more?Insights on governance, risk and compliance is an ongoing series of thought leadership reports focused on IT and other business risks, and the many related challenges and opportunities. These timely and topical publications are designed to help you understand the issues and provide you with valuable insights about our perspective. Please view our Insights on governance, risk and compliance series at www.ey.com/GRCinsights.
Enhancing your security operations with Active Defense
ey.com/GRCinsights
Centralized operations: the future of operating models for Risk, Control and Compliance functions
ey.com/GRCinsights
Metrics matter: How Internal Audit can help organizations assess performance measurement
ey.com/GRCinsights
There’s no reward without risk: EY’s global governance, risk and compliance survey 2015
ey.com/GRCinsights
Maximizing value from your lines of defense
ey.com/LOD
Step up to the challenge: helping Internal Audit keep pace with a volatile risk landscape
ey.com/IArisks
Expecting more from risk management: drive business results through harnessing uncertainty
ey.com/REPM
Unlocking the value of your program investments: how predictive analytics can help in achieving successful outcomes
ey.com/PRM
Harnessing the power of data: how Internal Audit can embed data analytics and drive more value
ey.com/IAanalytics
Megatrends 2015: making sense of a world in motion
ey.com/megatrends
Improve your business performance: transform your governance, risk and compliance program
ey.com/transformGRC
7RouteONE — Helping enhance the real value from SAP GRC Risk Management |
RouteONE for SAP GRC Risk Management
About EYEY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities.
EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit ey.com.
About EY’s Advisory ServicesIn a world of unprecedented change, EY Advisory believes a better working world means helping clients solve big, complex industry issues and capitalize on opportunities to grow, optimize and protect their businesses.
From C-suite and functional leaders of Fortune 100 multinationals to disruptive innovators and emerging market small and medium-sized enterprises, EY Advisory works with clients — from strategy through execution — to help them design better outcomes and realize long-lasting results.
A global mindset, diversity and collaborative culture inspires EY consultants to ask better questions. They work with their clients, as well as an ecosystem of internal and external experts, to create innovative answers. Together, EY helps clients’ businesses work better.
The better the question. The better the answer. The better the world works.
© 2016 EYGM Limited. All Rights Reserved.
EYG no. 00463-162GBLBMC AgencyGA 0000_05058
ED None
In line with EY’s commitment to minimize its impact on the environment, this document has been printed on paper with a high recycled content.
This material has been prepared for general informational purposes only and is not intended to be relied upon as accounting, tax, or other professional advice. Please refer to your advisors for specific advice.
ey.com/sap
Follow us on Twitter: EY_SAP
EY | Assurance | Tax | Transactions | AdvisoryContactsMarcus GötzPartner, Advisory [email protected] +49 89 14331 23471
Gavin CampbellPartner, Advisory [email protected] +971 4 332 4000
Werner van HaelstPartner, Advisory [email protected] +31 88 407 1167
Martyn ProctorExecutive Director, Advisory [email protected] +44 20 7951 3989