SAP Risk Management

What is SAP Risk Management?

Risk management for a business isn’t just about identifying and eliminating areas of risk. For many organizations, it’s also about making decisions on acceptable levels of risk and establishing hierarchies of risk — what needs to be immediately dealt with and what can wait. Keeping track of all organizational risk in a centralized way makes it easier for companies to analyze risk impacts — this type of centralization is often enabled by technology. SAP Risk Management is one risk management tool within the SAP Governance, Risk, and Compliance (GRC) suite that supports risk identification, assessment, analysis, and monitoring.

Risk management tools like SAP Risk Management often provide better visibility into organizational risk and bring together various types of risk into a single place for monitoring. Risk management solutions may include the following features, among others:

  • Risk strategy and planning
  • Risk identification
  • Risk analysis
  • Risk monitoring
  • Dashboards and graphical views
  • Real-time and automated risk monitoring
  • Guided workflows to enforce governance rules

There are many sources of risk in an organization, and some vendors provide solutions to address various risk elements. For example, Appsian Security offers tools that bolster risk monitoring around financial transactions. Fastpath offers risk management solutions that focus on multiple areas of risk, including segregation of duties, regulatory compliance, and access risk. RSM’s toolset provides process automation around risk management.

Key Considerations for SAPinsiders:

  • Risk events are rising, compounding the need for better risk monitoring and anticipation. Legacy tools and business models don’t typically offer the capabilities needed to properly manage risk in a centralized place. To fix this, companies are now including risk management as part of their digital transformation activities, implementing intelligent technologies and robotic process automation to help improve risk management and other GRC functions.
  • GRC teams are stretched, according to our latest research on the state of the GRC market. The most successful organizations are taking pressure off GRC professionals with automation. You should look to automate risk management wherever possible — it’s best for repeatable processes. Risk management tools that automate risk monitoring and reporting reduce manual labor for GRC staff and free them up to do more strategy and planning.
  • You can improve risk strategy and decision making across the entire company, from operations through audit, with risk-aware, risk-adjusted management. You should work toward this goal with strategies such as risk training for line-of-business users and by creating an interdisciplinary risk management committee.
Thoughts on Event-Driven Business Processes, Risk Mitigation, and Running a Real-Time Business
May 12, 2023
Event-driven business processes are becoming more relevant, and there is a great wave of interest in this topic in the SAP ecosystem. The event-enabled nature of the SAP S/4HANA ERP system, coupled with its sibling Business Technology Platform, enables enterprises to use and develop responsive applications rapidly and seamlessly to take advantage of this new process paradigm.
3 minute read
Third-Party Risk Is Major Concern for Organizations
Oct 13, 2021
Data breaches often result from attackers gaining access to poorly secured third parties as a path to breach their primary target. Unfortunately, many companies have little visibility into or control over third parties that connect to their systems. To counter these risks, organizations should implement a third-party risk management program, advises Parham Eftekhari, senior vice president and executive director of the Cybersecurity Collaborative. That program should focus on identifying and reducing risks related to those third parties, which include vendors, suppliers, partners, contractors, and service providers. While requirements for third-party risk management can vary by industry and organization size, there are best practices that every organization can employ to reduce risk. Watch this video to find out:

  • How to identify third-party risks
  • How to conduct an inventory of your third parties
  • What best practices you should use to reduce the risks from those third parties
1 minute read
Expert Q&A: The Importance of Integrating Cybersecurity and Enterprise Risk Management
Jun 9, 2021
As security professionals are all too aware, cyber threats have become dramatically more visible to many organizations in the last couple of years. And risks have proliferated across the enterprise. Gabriele Fiata, head of enterprise risk management and innovation at SAP, recently sat down with SAPinsider to share his thoughts on the common mistakes that enterprises make when managing cybersecurity risk and the need to integrate cybersecurity into an enterprise’s risk management framework. Fiata has worked in the SAP security and GRC space for more than 15 years, the last three with SAP itself. In the following video, Fiata explains some of the common security mistakes that enterprises make, including being overconfident about risk, not having risk owners, and following hyped up security trends. To correct these mistakes, organizations should integrate cybersecurity risks with other risks so that the C-suite and board have a comprehensive view of risk, he advises. Watch the video to learn more.
1 minute read
Least Privilege 2.0: Controlling Risk in a Dynamic Environment
Jun 8, 2021
A growing landscape of laptops and smartphones, widespread internet access, and remote workforces throughout the world have increased the need for risk and identity management and have changed how security models should operate. Continuing to focus on only two dimensions, the “Who” (users and user groups) and the “What” (roles and authorizations), leaves organizations vulnerable to new and emerging security threats. Today, businesses must consider a third dimension to user access risks: the “When.” How can companies better control the assignment of access rights related to tasks, rather than unilaterally granting privileges to users? In this session, join Appsian’s SAP Security experts as they discuss how SAP ERP customers can address and manage Least Privilege in today’s digital world, while explaining why access governance is critical to SAP security and how organizations can take steps to minimize their risk exposure. Attend this session to learn how to:

  • Strengthen Least Privilege by incorporating context into controls
  • Minimize risk exposure while enabling flexible, user-friendly access
  • Protect critical data and transactions in untrusted environments
  • Adapt to changing security and compliance requirements
1 minute read
Beyond SOX: Addressing non-financial risks through SAP configuration and sound supporting processes
Jun 8, 2021
While many organizations focus on compliance during an SAP implementation, often related to financial reporting and regulations such as Sarbanes-Oxley (SOX), they might be underutilizing optional SAP controls that could provide extreme value to their SAP system and supporting processes. How can you apply SAP configuration and sound supporting processes to minimize and mitigate operational and strategic risks? This session will take a deep dive into missed and misunderstood controls and processing, while sharing configurations and practices that can make your organization run more efficiently, reduce time spent on non-value-added work, and mitigate risk. Attendees will:

  • Hear specific examples of underutilized or misused controls covering the SAP Basis system (i.e. table logging), vendor/customer master (i.e., dual control), procurement (i.e., tolerances), sales (i.e., incompleteness), GRC (i.e., the firefighter process), and more
  • Learn about some of the most commonly seen control misunderstandings and the risks created by actions such as using only % or absolute values in tolerances
  • Obtain tips on how to create the business case for resolving these control gaps and enabling these controls, using simple data analysis procedures through SAP Query to the BI Warehouse to quantify risk exposure and value
  • Understand who in the organization should be involved in recommending and validating control changes, and how to set up an appropriate cross-functional team to ensure decisions are sound and don't introduce other risks
  • See how, once identified, tools like SAP Audit Management or SAP Process Control can be used to track the remediation status of these gaps to completion
1 minute read
Automating risk management at the speed of threats
Jun 8, 2021
With an increase in malicious cyber activity, organizations are racing to secure their mission-critical applications powered by SAP. An increase in exploitable vulnerabilities means your essential applications, the data running through them, and your operations as a whole are at risk. In this session, we will highlight the current risks organizations are facing and share how automating risk management can help you keep pace with emerging threats. Attend this session to:

  • Understand the need for automated visibility into the risk posture of your systems
  • Create a broader risk management program that includes a view of mission-critical assets needing protection
  • Learn how to mitigate SAP risks to your data and applications
1 minute read
Increasing Threats Highlight the Need for Robust Enterprise Risk Management
May 28, 2021
In the face of challenging micro and macro events, companies need to be able to anticipate and better manage risks that impact their core business objectives. Additionally, legacy business models and IT landscapes don’t contain all of the capabilities necessary to manage risk across the entire enterprise. For example, intelligent technologies like robotic process automation are not available in older ERP systems. As a result, there is an urgent need for a new approach to risk and compliance by incorporating governance, risk, and compliance (GRC) and security in digital transformation initiatives.
2 minute read
How to Manage Enterprise Risk in Remote and Digital Environments
May 5, 2021
As organizations migrate to SAP S/4HANA as part of their digital transformation effort, they should prioritize governance, risk, and compliance (GRC). The Institute of Internal Auditors (IIA) has developed a Three Lines Model to help with that journey. First-line roles include operation and support functions; second-line roles encompass corporate risk, compliance, and quality assurance functions; and third-line roles cover internal audit and independent assurance functions. GRC strategies need to be employed across all three lines to establish a more effective risk management program. The model necessitates role alignment, communication, coordination, and collaboration, with all the roles operating simultaneously. This becomes even more important for organizations with the move to remote work in response to the global pandemic. Integrating GRC and SAP S/4HANA is a critical component in bridging the gap between the three lines. “Transforming organizations shouldn’t think of SAP S/4HANA and GRC systems as separate items; they should be thinking that they need an SAP S/4HANA system with embedded GRC capabilities,” says Michael Heckner, Senior Director of GRC Solution Marketing at SAP. Ultimately, organizations should embed GRC in their core business platforms for digital transformation success. Read this article and learn:

  • What the IIA’s Three Lines Model is and how it can ensure that GRC is a priority in your organization’s digital transformation
  • How you can bridge the gaps between the three lines, particularly in a remote work environment
  • The importance of embedding GRC in your organization’s SAP S/4HANA migration
  • The seven steps to take to ensure risk protection for your intelligent enterprise
12 minute read
GRC Strategy and Risk Management
Jan 14, 2021
There are many unforeseen risks that can impact your business. How do you manage and develop strategies to better understand and manage your risk portfolios? How can you prepare for unforeseen risks before it is too late? This track helps you refine your overall strategy and explore key solutions and technologies that can support you in planning, reporting, compliance, and remediation activities. Learn how to prioritize investments to protect key assets while managing risk in real time. Examine the impacts of key strategic projects you may be embarking on related to SAP S/4HANA, the cloud, or other technological or organizational changes.
2 minute read
Things that Go Bump in the Night: What your Admins are up to when You aren’t Looking
Oct 20, 2020
SAP administrators are often thought of as gatekeepers who hold the keys to accessing a company’s SAP systems. While they often prevent users from gaining access to sensitive information, their own position carries the risk that they themselves could commit security breaches. In this session, we will discuss the different ways SAP admins expose your company to fraud — whether accidental or intentional. Topics include:

  • Reviewing mistakes made by security teams when setting up user roles
  • Assigning debugger access in production
  • Using custom tables to gain access
1 minute read