Operational Risk Management - uni-frankfurt.de · SEM Risk Management Treasury ... ©SAP AG 2003,...
Transcript of Operational Risk Management - uni-frankfurt.de · SEM Risk Management Treasury ... ©SAP AG 2003,...
1
Overview about a planned newapplication for mySAP ERP
Operational Risk
Management
Solution Management mySAP ERP
© SAP AG 2003, Title of Presentation, Speaker Name / 2© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 2
Agenda – Operational Risk Management
SAP’s two folded Offering
SAP’s planned Operational Risk Management (ORM)
Guiding Principles for ORM
External Requirements for Risk Management
Corporate Governance and Risk Management
SAP SEM Strategic Risk Management
ORM in Detail
2
© SAP AG 2003, Title of Presentation, Speaker Name / 3© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 3
Corporate Governance - Objectives
Compliance with rules and regulationsDetection of exceptions
Accurate, auditable Accountingunlimited access External / Internal
Fast CloseFast Transformation
Speed
Transparency
Compliance
© SAP AG 2003, Title of Presentation, Speaker Name / 4© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 4
Corporate Governance – external Requirements
RequirementsAccurate & auditable accountingParallel accountingTransparency of accounting figuresTimely availability of financial informationCompliance with accounting standardsCompliance with corporate governance std.Documentation of tax relevant informationTransparency in treasuryAuditable (operational) processesMid-term planningStrategy outlookTransparency of risk situation
CFO
Auditors
Public authorities(Tax,Regulators,
Stock Exchanges)
Creditors(Banks, Investors)
Analysts &Rating Agencies
Rules and regulations
US-GAAP, IAS, local GAAPs, Basel II, local tax regulations, Corp.Gov Codex, Sarbanes-Oxley Act, LSF, COSO, COSO II, KonTraG, ...
3
© SAP AG 2003, Title of Presentation, Speaker Name / 5© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 5
mySAP ERP supporting Corporate Governance
Built-in Control Principles of theSAP ArchitectureInherent ControlsConfigurable ControlsSecurity ControlsReporting Controls
→ SAP NetWeaver & mySAP ERP
System IntegrationReduce complexityReduce custom integrationIncrease company performance
→ SAP NetWeaver
Applications directly supportingCorporate GovernanceManagement of Internal ControlsAudit Information SystemWhistler Blower ComplaintsTransparency for Basel IIOperational Risk Management *
→ mySAP ERP
Additional Capabilities(New) General LedgerFast CloseSupport for IASTransfer PricingSEM Business ConsolidationSEM Business PlanningSEM Strategy & Performance Mgmt.SEM Risk ManagementTreasury
→ mySAP ERP* planned for mySAP ERP 2006
© SAP AG 2003, Title of Presentation, Speaker Name / 6© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 6
Analytics Strategic Enterprise Management Financial Analytics Operations Analytics Workforce Analytics
Financials Corporate GovernanceFinancial Accounting Management
AccountingFinancial Supply
Chain Management
Human Capital Management
Employee Relationship Management
Employee Lifecycle Management
Employee Transaction Management
Operations: Value Generation Purchasing Inventory
Management Manufacturing Distribution Sales OrderManagement
Service Order Management
Corporate Services Travel Management Environment, Health
and Safety
Incentive and Commission Management
Corporate Real Estate
SAP NetWeaver™ People Integration Information
Integration Process Integration Application Platform
Operations: Support
Product StructureManagement Project Management Quality Management Asset Management
WorkforceManagement
SEMBusiness ConsolidationStrategic RiskManagement Strategy ManagementPerformance MeasurementFinancial Statement Planning
Financial AnalyticsPlanning and Budgeting
Corporate GovernanceAudit Information SystemManagement of Internal ControlsWhistle BlowerOperational Risk Management *
Financial AccountingNew General LedgerFast CloseIAS
Management AccountingTransfer Pricing
* planned for mySAP ERP 2006
mySAP ERP Solution Map
SAP PrinciplesInherent ControlsConfigurable ControlsSecurity ControlsReporting Controls
mySAP ERP supporting Corporate Governance
FSCMTreasury
4
© SAP AG 2003, Title of Presentation, Speaker Name / 7© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 7
Agenda – Operational Risk Management
SAP’s two folded Offering
SAP’s planned Operational Risk Management (ORM)
Guiding Principles for ORM
External Requirements for Risk Management
Corporate Governance and Risk Management
SAP SEM Strategic Risk Management
ORM in Detail
© SAP AG 2003, Title of Presentation, Speaker Name / 8© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 8
1) COSO I and Risk Management
Control Activities
Policies/procedures that ensure management directives are carried out.
Range of activities including approvals, authorizations, verifications, recommendations, performance reviews, asset security and segregation of duties.
Monitoring
Assessment of a control system’s performance over time.
Combination of ongoing and separate evaluation.
Management and supervisory activities.
Internal audit activities.
Control Environment
Sets tone of organization-influencing control consciousness of its people.
Factors include integrity, ethical values, competence, authority, responsibility.
Foundation for all other components of control.
Information and Communication
Pertinent information identified, captured and communicated in a timely manner.
Access to internal and externally generated information.
Flow of information that allows for successful control actions from instructions on responsibilities to summary of findings for management action.
Risk Assessment
Risk assessment is the identification and analysis of relevant risks to achieving the entity’s objectives-forming the basis for determining control activities.
All five components must be in placefor a control to be effective.
5
© SAP AG 2003, Title of Presentation, Speaker Name / 9© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 9
Risk Assessment
A precondition to risk assessment is establishment of objectives, linked at different levels and internally consistent
The identification and analysis of relevant risks to achievement of the objectives
Forms a basis for determining how risks should be managed
Mechanisms are needed to identify and deal with the special risks associated with change
1) COSO I and Risk Management: Risk Assessment
© SAP AG 2003, Title of Presentation, Speaker Name / 10© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 10
Evaluate documentation and test significant controls at each location or
business unit.
Evaluate documentation and test controls over specific risks.
No further action required for such units.
Evaluate documentation and test entity wide controls over group.
Some testing of controls at individual locations or business units required.
Yes
Yes
Yes
Yes
No
No
No
No
1) COSO I and Risk Management: Scoping
Is location or business unit individually important?
Are there specific significant risks?
Are there locations or business units that are not important even when aggregated with others?
Are there documented entity wide controls over this group?
6
© SAP AG 2003, Title of Presentation, Speaker Name / 11© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 11
2) Sarbanes-Oxley Act and Risk Management
Rapid and current information on material changes in the financial condition or operations, including trend and qualitative information for protection of investors and in the public interest
409
Annual report should include a report by management on the effectiveness of internal control over financial reporting
404
Certification of contents of SEC reports by CEO and CFO302
RequirementSection
Contribution of a Risk Management system:
Transparency of business risks effecting business unit targets
Audit-proof Risk Management system identifies risks that must be included in disclosure
Drilldown into risk situation of multiple business units
© SAP AG 2003, Title of Presentation, Speaker Name / 12© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 12
COSO II and Risk Management: Definition
COSO II is the new framework for Enterprise Risk Management
DefinitionEnterprise risk management is a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identifypotential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assuranceregarding the achievement ofentity objectives.
7
© SAP AG 2003, Title of Presentation, Speaker Name / 13© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 13
3) COSO II and Risk Management: Objective Categories
Objective Categories
Strategic – relating to high-level goals, aligned with and supporting the entity’s mission and vision.
Operations – relating to effectiveness and efficiency of the entity’s operations, including performance and profitability goals. They vary based on management’s choices about structure and performance.
Reporting – relating to the effectiveness of the entity’s reporting. They include internal and external reporting and may involve financial and non-financial information.
Compliance – relating to the entity’s compliance with applicable laws and regulations.
© SAP AG 2003, Title of Presentation, Speaker Name / 14© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 14
3) COSO II and Risk Management: Components
8
© SAP AG 2003, Title of Presentation, Speaker Name / 15© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 15
3) COSO II and Risk Management: Concepts
Fundamental concepts of Enterprise Risk Management
Is a process – it's a means to an end, not an end in itself Is effected by people – it's not merely policies, surveys and forms, but involves people at every level of an organization Is applied in strategy settingIs applied across the enterprise, at every level and unit, and includes taking an entity-level portfolio view of risksIs designed to identify events potentially affecting the entity and manage risk within its risk appetite Provides reasonable assurance to an entity's management and board Is geared to the achievement of objectives in one or more separate but overlapping categories.
© SAP AG 2003, Title of Presentation, Speaker Name / 16© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 16
3) COSO II and Risk Management
Event IdentificationManagement identifies potential events affecting an entity’s ability to successfully implement strategy and achieve objectives.
Events with a potentially negative impactrepresent risks, which require management’s assessment and response.
Events with a potentially positive impact may offset negative impacts or represent opportunities which get channeled back into the strategy and objective-setting processes.
A variety of internal and external factors give rise to events. When identifying potential events, management considers the full scope of the organization.
Management considers the context within which the entity operates and its risk tolerances.
9
© SAP AG 2003, Title of Presentation, Speaker Name / 17© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 17
3) COSO II and Risk Management
Risk AssessmentRisk assessment allows an entity to consider the extent to which potential events might have an impact on achievement of objectives.
Management should assess events from two perspectives − likelihood and impact − and normally uses a combination of qualitative and quantitative methods.
The positive and negative impacts of potential events should be examined, individually or by category, across the entity.
Potentially negative events are assessed on both an inherent and a residual basis.
© SAP AG 2003, Title of Presentation, Speaker Name / 18© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 18
3) COSO II and Risk Management
Risk ResponseHaving assessed relevant risks, management determines how it will respond.
Responses include risk avoidance, reduction, sharing and acceptance.
In considering its response, management considers costs and benefits, and selects a response that brings expected likelihood and impact within the desired risk tolerances.
10
© SAP AG 2003, Title of Presentation, Speaker Name / 19© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 19
Expanded responsibilities of the Executive Board according to §91 Abs. 2 AktG
Requirement to establish a control systemTake action to detect risks that endanger the existence of an enterprise as an early stage.
Inspection of the Risk Management System through external auditors according to §317 paragraph 4 HGB
Has action been taken according to § 91 Abs. 2 AktGIs the Risk Management System adequate for its purpose
Depiction in the audit report according to §321 paragraph 4 HGBAssessment of the Risk Management System in a separate chapter of the auditors reportAssessment if an enhancement of the Risk Management System is required.
4) German KonTraG and Risk Management
© SAP AG 2003, Title of Presentation, Speaker Name / 20© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 20
Agenda – Operational Risk Management
SAP’s two folded Offering
SAP’s planned Operational Risk Management (ORM)
Guiding Principles for ORM
External Requirements for Risk Management
Corporate Governance and Risk Management
SAP SEM Strategic Risk Management
ORM in Detail
11
© SAP AG 2003, Title of Presentation, Speaker Name / 21© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 21
Two Complimentary Risk Management Applications in mySAP ERP
Strategic Risk Management Operational Risk Management *
Risk Quantification
OrganizationalUnits
Risks affect…
Unlimited number of hierarchy levelsBased on Balanced Scorecard Framework: One BSC represents one Organizational Unit
Unlimited number of hierarchy levelsOrg. Units represent legal entities, business units and departments.
… Performance Metrics of an Organizational UnitExamples: Net Sales, EBIT, …Performance Metrics can be linked to strategic objectives on the Org. Unit
… Activities within an Org. UnitActivities can be Processes, Projects and other activities
Based on “impact”, representing deviations from the Performance Metric target amount.Instead of Probability, the impact can be expressed in categories like “expectation value” and others
Impact is quantified as “Total Loss” in monetary unitsQualitative impacts can be expressedProbability of occurrence expressed as a percentage
* planned for mySAP ERP 2006
© SAP AG 2003, Title of Presentation, Speaker Name / 22© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 22
Strategic Risk Management based on SEM BSC
Risk Management
Risk CategoryRisk-Group A
Risk 1
Risk 2
Risk-Group BRisk 3
Risk CategoryRisk-Group A
Risk 1
Risk 2
Risk-Group BRisk 3
Risk-Analysis
Risk-Assessment
Risk-Handling
Risk-Controlling
Early Warning
Quantification of Risksby specific methods
outside of SAP SEM.
Quantification of Risksby specific methods
outside of SAP SEM.
Early Warning Indicators (Measures)Early Warning Indicators (Measures)
Value Based Management
VBM KPIsROCE, DCF, EVA, etc
VBM KPIsROCE, DCF, EVA, etc
Generic Value Drivers
Revenues Growth, Margins, Tax Rates, WACC
Generic Value Drivers
Revenues Growth, Margins, Tax Rates, WACC
Business specificValue Drivers
Business specificValue Drivers
Balanced Scorecard
StrategyStrategy
ObjectivesObjectives
MeasuresFinancial Top-KPIs
Strategic Success Factors (SSF)
MeasuresFinancial Top-KPIs
Strategic Success Factors (SSF)
InitiativesInitiatives
Risks have an impact on theresults of KPIs
12
© SAP AG 2003, Title of Presentation, Speaker Name / 23© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 23
myS
AP
CR
Mm
ySAP
ERP
H R
mySAPERP
Management of internal Controls
Operational Risk Management
Entities Roles
Process
ORM Overview
RiskPlanning
Risk Identification
Risk Response
Risk Monitoring
Validator
AssessmentOwner
Risk Owner
Risks
OrganizationalUnits
Activities
Risk Analysis
© SAP AG 2003, Title of Presentation, Speaker Name / 24© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 24
ORM Overview
Risk 3
Process: Sales Order Entry
Risk n
Corporate
Sales
Europe
Americas
Total loss Probability Risklevel
Response cost
Expectedloss
100.000 €
150.000 €
30 %
10 %
30.000 €
15.000 €
2
3
250.000 € 45.000 €
70.000 € 35.000 €
320.000 € 80.000 €
… …
… …
800.000 € 230.000 € 65.000 €
…
…
20.000 €
10.000 €
6.000 €
4.000 €
10.000 €
R&D 300.000 € 100.000 € 30.000 €
…
Risk2: Key project members leaving
Risk1: Delayed kick-off
Project: New Distribution Center
13
© SAP AG 2003, Title of Presentation, Speaker Name / 25© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 25
Agenda – Operational Risk Management
SAP’s two folded Offering
SAP’s planned Operational Risk Management (ORM)
Guiding Principles for ORM
External Requirements for Risk Management
Corporate Governance and Risk Management
SAP SEM Strategic Risk Management
ORM in Detail
© SAP AG 2003, Title of Presentation, Speaker Name / 26© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 26
Operational Risk Management
Purpose of Operational Risk Management
Get an overview on the Risk situation of organizational units by tracking Risks on activity level.
Get overview on the Risk situation based on the activities that are potentially carrying risks, especially Processes and Projects.
Understand priorities by performing quantitative and qualitative Risk assessments.
Manage Risks by assigning appropriate responses
14
© SAP AG 2003, Title of Presentation, Speaker Name / 27© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 27
Guiding Principles for the ORM Application
Risks are not assigned and analyzed at the level of Organizational Units, but on the level of Activities that take place within an Organizational Unit.
Risks can occurwithin business processesduring the course of a projectin other activities and objects that are neither processes nor projects
Within ORM, Risks will be identifiedassessedmanaged by applying appropriate response strategies
The ORM will provide defined Roles to support an appropriate authorization conceptWorkflows between Roles to support the necessary interaction when approvals are needed.
The ORM will provide predefined online ad-hoc analysis, as well as data warehouse structures for flexible multidimensional reporting
© SAP AG 2003, Title of Presentation, Speaker Name / 28© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 28
Entities within ORM – Overview –
Risks
OrganizationalUnits
Activitiesa specific operation that may lead to risks in an organization unitThree types of activities can be assigned to Organizational Units:
Processes: potentially all operational and admin processeswithin an enterprise
Projects: potentially all internal and customer projectsObjects: generic activity that is neither a project nor a
process (e.g. “Production Plant A”)
Arranged in an Org. Unit hierarchy, e.g. according to HR-OrgHeaded by a named Org. Unit ManagerMain entry point for analyzing the risk situation
named uncertain event or condition that has a negative effect onthe business.Risks are assigned to Processes Projects or Objects within a certain Organizational Unit
15
© SAP AG 2003, Title of Presentation, Speaker Name / 29© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 29
Building Blocks of the Operational Risk Management
1. Configuration and Structure set up:Set up Organizational UnitsCreate Common Activity Catalogs (Projects, Processes, Objects), Common Risk Catalog, Risk-ProposalsDetermine other settings like Risk Levels, Risk Priorities,…
2. Risk Assessment Process:Enter BU-specific ActivitiesDetect and enter Risks, assess impact, probability, time frame, calculate Risk Level, Risk Priority, …Interaction between roles supported by workflowPropose and execute Risk Responses
3. Risk Analysis and Reporting:View ad hoc reports of the risk situation of Organizational UnitsUse OLAP reporting for detailed multidimensional analysisCreate mandatory standard reports per Org. Unit
© SAP AG 2003, Title of Presentation, Speaker Name / 30© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 30
Roles within ORM
Validator
AssessmentOwner
Risk Owner
perform Risk Assessments: overall identification, analysis, and response planning of all Risks assigned to an Activity act at different organizational levels, with access only to those Activities and Risks with which he is personally involvedtypically: Line Managers, Project Managers, Internal Audit, and others assigned at the level of the specific Organization Unit
analyze Risks, initiate Risk response action and follow-up on Risk response actions. Usually nominated by the Assessment Owners if a special knowledge is required for Risk handling purposes. act independent of their organizational assignment but with access only to those responses where they are personally involved
validate and approve or reject the Risk Assessments, reject individual Risks, and set the “sensitivity level” of a Risk (access to the Risk and its details is then further restricted).check the risk documentation, analysis, response strategy, and individual responses of all risks of an activity the real person may be the organization unit manager who has thebudget responsibility for the response execution
16
© SAP AG 2003, Title of Presentation, Speaker Name / 31© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 31
Interaction between Roles: Example
Org. Unit Manager(acting as Validator)
Project Manager(acting as
AssessmentOwner)
Project member
(acting as Risk Owner)
Risk sent for
approval
Assess-ment sent
for approval
Response sent for approval
Initiate Response
Project sent for approval
Enter project as activity of Org. Unit
1
Approve or reject Project
Approve or reject Risk,
optional: set sensitivity
Enter Risk Response
Detect and enter Risk for the project
Perform Risk Assessment, select Response Owner
Approve or reject Response
Approve or reject Assessment
42
3
© SAP AG 2003, Title of Presentation, Speaker Name / 32© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 32
Interaction between Roles: Example
Org. Unit Manager(acting as Validator)
Project Manager(acting as
AssessmentOwner)
Project member
(acting as Risk Owner)
Risk sent for
approval
Assess-ment sent
for approval
Response sent for approval
Initiate Response
Project sent for approval
Enter project as activity under Org.
Unit
1
Approve or reject Project
Approve or reject Risk,
optional: set sensitivity
Enter Risk Response
Detect and enter Risk for the project created by project
manager
Perform Risk Assessment, select Response Owner
Approve or reject Response
Approve or reject Assessment
4 6 82
3
5
7
17
© SAP AG 2003, Title of Presentation, Speaker Name / 33© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 33
Agenda – Operational Risk Management
SAP’s two folded Offering
SAP’s planned Operational Risk Management (ORM)
Guiding Principles for ORM
External Requirements for Risk Management
Corporate Governance and Risk Management
SAP SEM Strategic Risk Management
ORM in Detail
© SAP AG 2003, Title of Presentation, Speaker Name / 34© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 34
ORM Entities in Detail: Organizational Units
Corporate
Sales
Business Unit 1
Organizational Units structured in a hierarchyParallel hierarchies are possible to model matrix organizationsExample:
Production
Purchasing
R&D
…
Europe
Americas
Asia Pacific
Plant Spain
Plant Italy
18
© SAP AG 2003, Title of Presentation, Speaker Name / 35© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 35
Groupings for Reporting and OverviewsOperational Assignments
ORM Entities: Org. Units, Activities and Risks
Common Projects
Actual Risk 1
Actual Process 1
Common RisksOrganizational
Unit
Common Objects
Common Processes
Actual Object 1
Actual Project 1
Actual Risk 4
Actual Risk 3
Actual Risk 2
Actual Risk 3
Actual Process n
Actual Risk n
Actual Project n
Actual Risk m
© SAP AG 2003, Title of Presentation, Speaker Name / 36© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 36
Entity Relations - Example -Common Projects
Project Group 1
Project Group 11
Project 1
Project Group1 2
Project 2
Project 3
Project 4
Project 5
Common ProcessesProcess Group 1
Process Group 11
Proc. 1
Process Group12
Proc. 2
Proc. 3
Proc. 4
Proc. 5
Common ObjectsObject Group 1
Object Group 11
Object 1
Object Group 12
Object 2
Object 3
Object 4
Object 5
Organizational Units
Corporate
…
Business Unit
Process 2
Project 1
Object 3
Risk Category 1
Common Risk Catalog
Risk Group 1
„Exchange Rate“
Risk Group 2
Common Risk 2
Common Risk 3
Common Risk 4
Common Risk 5
„USD – EURO“
„USD – YEN“
BU specific Risk 3
BU specific Risk 4
BU specific Risk 5
BU specific Risk 6
BU specific Risk ...
19
© SAP AG 2003, Title of Presentation, Speaker Name / 37© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 37
Common Activity Catalogs: Project, Process, Object
Common Project CatalogProject Group 1
Project Group 11
Project 1
Project Group 12
Project 2
Project 3
Project 4
Project 5
Common Process CatalogProcess Group 1
Process Group 11
Process 1
Process Group 12
Process 2
Process 3
Process 4
Process 5
Common Object CatalogObject Group 1
Object Group 11
Object 1
Object Group 12
Object 2
Object 3
Object 4
Object 5
Common Projects, Processes and Objects are held in company wide catalogues. In those catalogues they can be grouped to any depth.
Corporate wide defined Risk Proposal Catalogues can be assigned to all sorts of Common Activities
For each organizational Unit, a Filter can be defined to propose and allow only specific sets of Projects, Processes and Objects
Common Activities mainly consist only of a technical name and a description
© SAP AG 2003, Title of Presentation, Speaker Name / 38© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 38
ORM Entities in Detail: Activity Master Data – 1 –
Activities *
comments added by the Validator of the activity while approving it. Can be used by the Activity Owner to send comments back to the Validator when the Activity is sent for validation.
Approval Comment
Validator for this ActivityValidator
Assessment Owner for this ActivityAssessment Owner
name for the new ActivityTitle
selected Common Activity IDCommon Activity
system assigned numeric Activity IDActivity ID
Creation date of the ActivityDate
* Activities can be Projects, Processes, Objects
20
© SAP AG 2003, Title of Presentation, Speaker Name / 39© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 39
ORM Entities in Detail: Activity Master Data – 2 –
Activities
optional, monetary, business-related opportunity value for the new Activity
Opportunity Value
frequency (predefined intervals) with which the Activity is to be assessed
Assessment Frequency
approval status of the Activity. Includes options like “Draft” and “To be validated”. For a new Activity, “Draft” is the default status setting.
Approval Status
display only, numeric ID of the Org. Unit to which the Activity is assigned
Organizational Unit
Project, Process, or ObjectActivity Type
default is the current date but can be changed to reflect the actual date on which the Activity was identified
Identification Date
© SAP AG 2003, Title of Presentation, Speaker Name / 40© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 40
ORM Entities in Detail: Risk Master Data – 1 –
Risks
Currency in which the risk values will be expressedCurrency
If during the Validation phase the Validator determines that this Risk is “sensitive”, she/he will mark it as such. This designation limits the viewing of this Risk to a select audience
Sensitivity
By default the user who created the Risk. Can be changedRisk Owner
Current “live cycle” status. Includes options like “Draft” and “Released for validation”, “Finished”, “Occurred”. For a new Risk, “Draft” is the default status setting.
Risk Status
Activity to which the Risk was assignedActivity ID
name for the new ActivityTitle
selected Common Risk IDCommon Risk
system assigned numeric Risk IDRisk ID
Creation date of the RiskDate
21
© SAP AG 2003, Title of Presentation, Speaker Name / 41© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 41
ORM Entities in Detail: Risk Master Data – 2 –
Risks
Free text. Additional detail about the RiskComment
Free text. Existing incident or action that influences the probability that a particular Risk event will occur
Event Driver
Free text. The possible negative outcome of the current condition that is creating uncertainty
Consequence
Free text. The key circumstance, situation, etc. that is causing concern, doubt, anxiety, or uncertainty
Condition
Marking a risk as external will exclude the Risk from reporting. This allows the capturing of risks that, for example, exist at a customer in a project context but that only impose an impact on the customer without impact on the own company.
External Risk Flag
© SAP AG 2003, Title of Presentation, Speaker Name / 42© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 42
Risk Assessment: Transactional data for Risks
Basic dataTotal Loss
Global qualitative Impact
Local qualitative Impact
Probability
Time Frame
System calculated/derived dataExpected Loss
Risk level
Risk Priority
Net Opportunity Value (especially useful for Projects)
22
© SAP AG 2003, Title of Presentation, Speaker Name / 43© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 43
E X A M
P L E S
Risk Assessment: Basic Data
Probability: „Probability that the impact associated with the Risk will materialize“.Given as a percentage from 0% to 99%Mapped into categories
Total Loss or Global Impact: Maximum loss in case the Risk will materializeGiven either as an amount or as a “level”
(see example here)Mapped into globally defined categories
Local Impact: Severity of Impact of the Risk on a Business Unit specific scale.Given as a “level”.Will often differ from the Global Impact category.
Time Frame: Period of time in which action is required to respond to a RiskGiven as a range (long, medium, short)
Time fram
e
6 month3 monthmedium
< 6 monthlong
3 month0 monthshort
tofromTime frame
Global Im
pact
>25.000.000
5.000.000
1.000.000
200.000
0
from €
Catastrophic5
Major25.000.0004
Moderate5.000.0003
Minor1.000.0002
Insignificant200.000 €1
classificationto €levelLocal Im
pact500.000 €
150.000 €
50.000 €
20.000 €
for info, Org..Unitspecific
>500.000 €
150.000 €
50.000 €
20.000 €
0
for info, Org. Unit specific
Catastrophic5
Major4
Moderate3
Minor2
Insignificant1
classificationlevel
Probability
Near certainty9981
Highly likely8061
Likely6041
Unlikely4021
remote200
classificationto %from %
© SAP AG 2003, Title of Presentation, Speaker Name / 44© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 44
Risk Assessment: Expected Loss
Calculated as Total Loss * Probability
Used for comparison with the response costs
Expected loss is aggregated over Common Activities and Organizational Units
23
© SAP AG 2003, Title of Presentation, Speaker Name / 45© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 45
Risk Assessment: Determination of Risk Level
Global Risk level is derived from Global qualitative Impact and ProbabilityLocal Risk level is derived from Local qualitative Impact and ProbabilityUser defined matrix identifies Risk LevelsRisk Level is later on used for Risk PrioritizationExample Matrix for derivation of Risk Level:
Medium risks… indicate that some disruption could occur. No immediate management action required for medium risks, but continuous risk monitoring has to be initiated and future action may be needed.
High risks:… are considered unacceptable risks where major disruption is likely. Priority management attention is usually required for high risks to bring the situation under control.
Impact level
MLLLL0-20%1
Probability
54321
MMLLL21-40%2
HMMLL41-60%3
HHMML61-80%4
HHHMM81-99%5
%level
Low risks… mean minimum impact where no management action is required.
© SAP AG 2003, Title of Presentation, Speaker Name / 46© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 46
Risk Assessment: Risk Prioritization
Prioritizing risks is important when it comes to the questions which risks should be dealt with first, especially when the allocation of significant resources is required to manage the risk.Derived from the combination of „Risk level“ and time frame, grouped in categories like
short (e.g. within 3 month), medium (e.g. within 6 month), long (e.g. within 9 month)
User defined Matrix identifies Risk Priority
Example Matrix for derivation of Risk Priority:
125short
Expected date of occurrence
347medium
689long
highmediumlow
Risk levelRisk Priority from 1 - 9
Based on the Risk Priority, a “Top N-Risks” – list could be produced as part of the Risk Reporting !
24
© SAP AG 2003, Title of Presentation, Speaker Name / 47© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 47
Risk Assessment: Net Opportunity Value
Activities – especially Projects – usually offer an opportunity, which can be expressed in a currency value.In this case, a Net Opportunity Value can be calculated, which is based on the Opportunity value of the activity and the Risk situation:
Opportunity Value- Expected Loss
= Net Opportunity Value
The Net Opportunity Value can be compared with other risk related values like Total Loss, Expected Loss or Response Costs to better understand the risk situation of an activity
© SAP AG 2003, Title of Presentation, Speaker Name / 48© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 48
Risk Assessmet: Overview of Data to be maintained
The magnitude of the actual loss value accrued when a risk event occurs, measured in a monetary amount
Total Loss
Counter measures to handle the Risk, described with:Risk Response type (Close, Accept, Watch, Research, Transfer, Delegate, Mitigate)Response OwnerAction dateResponse costResponse descriptionExpected Risk reduction (Probability and/or Quantitative and/or Qualitative Impact)Contingency Plan (Document attached to the risk holding the details of what are the consequences and subsequent actions when the risk response fails)
Risk Response
Timeframe is the period when action is required to respond to a risk. Will be given in intervals like (example): Short 1 – 3 monthMedium 3 – 6 monthLong 6 – 9 month...
Time Frame
The local impact level is an estimation of the consequences of a risk on the basis of a configurable qualitative scale. Given as a category from 1 to n which is mapped against a locally valid table containing the values for each category in currency amounts
Local Impact
The global impact level is an estimation of the consequences of a risk on the basis of a configurable qualitative scale. Given as a category from 1 to n which is mapped against a globally valid table containing the values for each category in currency amounts
Global Impact
Probability that the impact associated with the Risk will materialize. Given as a percentage.Probability
25
© SAP AG 2003, Title of Presentation, Speaker Name / 49© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 49
Risk Assessment: Risk Response
When assessing Risk, one or more responses can be created for each individual risk.
Main data entered for each response:Response strategy (Accept, Watch, Research, Transfer, Delegate, Mitigate, see next slide)Response costs later on considered in the overall analysisProbability percentage change to which extent does the response change the probability. Example: “decrease by 5%”Total Loss change to which extent does the response change the total loss. Example: “decrease by 200.000 $”Global Impact changeif not derived from total loss change: to which extent does the response change the global impact. Example: “decrease by 1 level”Local Impact changeto which extent does the response change the global impact. Example: “decrease by 1 level”
© SAP AG 2003, Title of Presentation, Speaker Name / 50© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 50
Risk Assessment: Response Strategies
AcceptRisk acceptance involves no initial action. The risk will be handled as a problem if it occurs.Watch Risk watch involves monitoring the risks and their attributes for early warning of critical changes in impact, probability, timeframe, or other aspects.Research Risk research is the investigation of a risk until enough detail is known to be able to plan mitigation.Transfer Risk transfer is the allocation of authority, responsibility, and accountability for a risk to another person or organization outside of SAP or the project. See also risk delegation above.DelegateRisk delegation involves the assignment of responsibility for a risk to another person or organization within SAP or the project. See also risk transfer.MitigateRisk mitigation eliminates or reduces the risk by developing strategies and actions for reducing (or eliminating) the impact, probability, or timeframe to some acceptable level. Risk mitigation usually involves the expenditure of resources.
26
© SAP AG 2003, Title of Presentation, Speaker Name / 51© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 51
Aggregations and Calculations
Simple aggregation
n/a
Derived from calculation
Simple aggregation
Simple aggregation
Activity
n/an/an/aDerived from calculationRisk Priority
Simple aggregation
Simple aggregation
Simple aggregation
Simple aggregationResponse Cost
Simple aggregation
Simple aggregation
Simple aggregationManual entryExpected Loss
Derived from calculation
Derived from calculation
Derived from calculation
Derived from calculationRisk level
Simple aggregation
Simple aggregation
Simple aggregationManual entryTotal Loss
Org. UnitCommon Activity
Common Risk
Risk
Type of Aggregation on level ofRisk quantification
data
© SAP AG 2003, Title of Presentation, Speaker Name / 52© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 52
Risk Analysis
Two ways of doing Risk Analysis:Based on predefined screens in the online ApplicationBased on predefined, yet flexible Reports form the SAP data warehouse (OLAP-reporting)
Online Analysis:Calculation and visualization of all relevant Risk data on aggregated and detail levelsAggregation along
Organizational HierarchiesCommon ActivitiesCommon Risks
Various predefined views like “local values”, “global values”, “Before Risk Response”, “After Risk Response”
OLAP-Reporting:Predefined business content delivered through the SAP data warehouse (InfoCubes, Extractors, Queries)Data is extracted from the online applicationFlexible reports as usual in the OLAP-world: slice and dice, flexible aggregation, custom calculations,…
27
© SAP AG 2003, Title of Presentation, Speaker Name / 53© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 53
ORM Online Analysis: Example based on Org. Units
Risk1: Delayed kick-off
Project: New Distribution Center
Risk2: Key project members leaving
Risk 3
Risk n
Corporate
Sales
Europe
Americas
Total loss Probability Risklevel
Response cost
Expectedloss
100.000 €
150.000 €
30 %
10 %
30.000 €
15.000 €
2
3
250.000 € 45.000 €
70.000 € 35.000 €
320.000 € 80.000 €
200.000 € 50.000 €
520.000 € 130.000 €
820.000 € 230.000 € 65.000 €
35.000 €
15.000 €
20.000 €
10.000 €
6.000 €
4.000 €
10.000 €
R&D 300.000 € 100.000 € 30.000 €
Contrib. value
50.000 € 50 % 25.000 € 3 7.000 €
20.000 € 50 % 10.000 € 3 3.000 €
3
2
500.000 €
250.000 €
150.000 €
100.000 €
200.000 €
High 60
Medium40
Low0
Risk levelFrom%
2
2
1
Process: Sales Order Entry
© SAP AG 2003, Title of Presentation, Speaker Name / 54© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 54
Risk Reporting based on BW
Basis of the OLAP reporting are two InfoCubes that are delivered as business content:
InfoCube 1: Data on level of Risk and Organizational UnitInfoCube 2: Data on level of Activity and Organizational UnitA combination of both for a drill down is possible through a „MultiCube Query“
InfoCubes are filled by various extractors for:Master data, including texts and attributesHierarchiesTransactional data
End-User access to the data through predefined Queries (Reports) which can be accessed using a web browser.
New queries can easily be createdCustom calculations if necessaryQueries can be presented in a Portal
28
© SAP AG 2003, Title of Presentation, Speaker Name / 55© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 55
Collaborative Risk Assessments
As Risks often might affect not only one Org. Unit, Activity or Risk Owner, the solution includes the following collaboration features:
1. Collaborative RisksIf a Risk in Org. Unit A is also relevant for activities in Org Unit B and has presumably also a negative impact on Org. Unit B, this is called a collaborative Risk
2. Linked RisksIf a risk in Org. Unit A is somehow influenced by activities in Org. Unit B, but the impact only hits Org. Unit A, this is called a Linked Risk
3. Invitations for collaborative Risk AssessmentsIf for a Risk in Org. Unit A another person then the original Assessment Owner can contribute a Risk Assessment, this person can be invited to give his/her opinion in a additional Risk Assessment.
© SAP AG 2003, Title of Presentation, Speaker Name / 56© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 56
Collaborative Risks
Collaborative RisksIf a Risk in Org. Unit A is also relevant for activities in Org Unit B and has presumably also a negative impact on Org. Unit B, this is called a collaborative Risk.
Org. Unit A
Activity 1
Org. Unit B
Risk 1
Activity 2
Risk 1Create collaborative Risk, which is accepted* by Org. Unit B.
* Proposed collaborative Risks can also be rejected, thus preventing that this Risk becomes valid for Org. Unit B
Impact of Risk 1 is shown as assessed by Risk Assessment
Owner of Activity 1 in Org. Unit A
Impact of Risk 1 is shown as assessed by Risk Assessment
Owner of Activity 2 in Org. Unit B
29
© SAP AG 2003, Title of Presentation, Speaker Name / 57© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 57
Linked Risks
Linked RisksIf a risk in Org. Unit A is somehow influenced by activities in Org. Unit B, but the impact only hits Org. Unit A, this is called a Linked Risk
Org. Unit A
Activity 1
Org. Unit B
Risk 1
Activity 2
Risk 1Create Linked Risk, which is accepted* by Org. Unit B.
Accumulated Impact of Risk 1 is shown as in the assessment by Risk Assessment Owner of Activity 1 in Org. Unit A plus Assessment of Risk Assessment Owner from Activity 2 in Org. Unit B.
Assessment is created for of Risk 1 by Risk Assessment
Owner of Activity 2 in Org. Unit B
* Proposed linked Risks can also be rejected, thus preventing that additional Assessments are done for Risk 1 by Risk Assessment Owner in Org. Unit B.
© SAP AG 2003, Title of Presentation, Speaker Name / 58© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 58
Risk Assessment invitation
Invitations for collaborative Risk AssessmentsIf for a Risk in Org. Unit A another person then the original Assessment Owner can contribute a Risk Assessment, this person can be invited to give his/her opinion in a additional Risk Assessment.
Org. Unit A
Activity 1
Risk 1Send invitations to other users (with roles RM or AO or AM) to create additional Risk Assessments
Impact of Risk 1 is shown as in the assessment by Risk Assessment Owner of Activity 1 in Org. Unit A.
Impacts from further assessments from invited users are shown separately as “additional…”.
User A
User B
User C
User …
30
© SAP AG 2003, Title of Presentation, Speaker Name / 59© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 59
Agenda – Operational Risk Management
SAP’s two folded Offering
SAP’s planned Operational Risk Management (ORM)
Guiding Principles for ORM
External Requirements for Risk Management
Corporate Governance and Risk Management
Appendix: SAP SEM Strategic Risk Management
ORM in Detail
© SAP AG 2003, Title of Presentation, Speaker Name / 60© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 60
The Balanced Scorecard as Framework for VBM and Risk-Management
Risk Management
Risk CategoryRisk-Group A
Risk 1
Risk 2
Risk-Group BRisk 3
Risk CategoryRisk-Group A
Risk 1
Risk 2
Risk-Group BRisk 3
Risk-Analysis
Risk-Assessment
Risk-Handling
Risk-Controlling
Early Warning
Quantification of Risksby specific methods
outside of SAP SEM.
Quantification of Risksby specific methods
outside of SAP SEM.
Early Warning Indicators (Measures)Early Warning Indicators (Measures)
Value Based Management
VBM KPIsROCE, DCF, EVA, etc
VBM KPIsROCE, DCF, EVA, etc
Generic Value Drivers
Revenues Growth, Margins, Tax Rates, WACC
Generic Value Drivers
Revenues Growth, Margins, Tax Rates, WACC
Business specificValue Drivers
Business specificValue Drivers
Balanced Scorecard
StrategyStrategy
ObjectivesObjectives
MeasuresFinancial Top-KPIs
Strategic Success Factors (SSF)
MeasuresFinancial Top-KPIs
Strategic Success Factors (SSF)
InitiativesInitiatives
Risks have an impact on theresults of KPIs
31
© SAP AG 2003, Title of Presentation, Speaker Name / 61© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 61
SEM Risk Builder
Hierarchical grouping of Risks in the Risk Catalog byRisk Category
Risk GroupsRisks
Comprehensive definition of RiskCategories -Groups and Risks.
Possibility to attach documentsand www-pages.
© SAP AG 2003, Title of Presentation, Speaker Name / 62© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 62
Risk Management: Quantification of Risks
Risk-Quantification
Automated and / ormanual Status
calculation
Risk Assessmentsand Comments
32
© SAP AG 2003, Title of Presentation, Speaker Name / 63© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 63
Risk Controlling within the Scorecard
Automated calculation of Risk Status by comparing
Target Value <-> ExpectationValue
Expectation Valuesshow the impact of a Risk on an Measure
Simulation of Risk-Situation possible by comparing Target Value to „Best-Case“ or „Worst-Case“
© SAP AG 2003, Title of Presentation, Speaker Name / 64© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 64
Risk Reporting for the Risk-OwnerReporting of Risk-Situation by
Risk Categories
Risk Groups
Risks
Affected Measure
33
© SAP AG 2003, Title of Presentation, Speaker Name / 65© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 65
Annual Risk assessment including Risk reportAnnual Risk assessment including Risk report
Monthly / quarterly RiskanalysisActual / Plan deviationAssessment through Risk OwnersRisk ForecastingTake action based on assessments
Monthly / quarterly RiskanalysisActual / Plan deviationAssessment through Risk OwnersRisk ForecastingTake action based on assessments
Plan risk reducing activitiesPlan risk reducing activities
Estimate / calculate potential plan deviationsdue to the Risks
Estimate / calculate potential plan deviationsdue to the Risks
SAP SEM Risk-Management
Cataloging the Risks Cataloging the Risks
Selection of relevant Risks per business unitSelection of relevant Risks per business unit
Assign Risks to the target system for each business unit (which Risk impacts which Performance Metric)
Assign Risks to the target system for each business unit (which Risk impacts which Performance Metric)
© SAP AG 2003, Title of Presentation, Speaker Name / 66© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 66
Risk-Management Hierarchies
Legal entitiesLegal entitiesLegal entities
DepartmentsDepartmentsDepartments
Lines of BusinessLines of BusinessLines of Business
Holding LevelHolding LevelHolding Level
LOB 1LOB 1 LOB 2LOB 2 LOB 3LOB 3
HoldingHolding
Company ACompany A Company BCompany B Company CCompany C Company DCompany D
Department 1Department 1 Department 2Department 2
Implementation of Implementation of parallel hierarchies parallel hierarchies
without double without double maintenance maintenance
34
© SAP AG 2003, Title of Presentation, Speaker Name / 67© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 67
Risiko Drill-Down over Org. Units
© SAP AG 2003, Title of Presentation, Speaker Name / 68© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 68
Appendix
35
© SAP AG 2003, Title of Presentation, Speaker Name / 69© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 69
Risk Assessment: Example
Impact level
MLLLL0-20%1
Probability
54321
MMLLL21-40%2
HMMLL41-60%3
HHMML61-80%4
HHHMM81-99%5
%level
1. User enters total loss: 2.000.000 €Probability entered: 60% level 3 “likely”
2. System determines global impact level 3 = Moderate
Case 1: Total loss can be determined
3. User manually selects local impact level 5= Catastrophic
4. System determines Global Risk Level = “M”System determines Local Risk Level = “H”
Global Im
pact
>25.000.000
5.000.000
1.000.000
200.000
0
from €
Catastrophic5
Major25.000.0004
Moderate5.000.0003
Minor1.000.0002
Insignificant200.000 €1
classificationto €level
Local Impact500.000 €
150.000 €
50.000 €
20.000 €
for info, Org. Unit specific
>500.000 €
150.000 €
50.000 €
20.000 €
0
for info, Org. Unit specific
Catastrophic5
Major4
Moderate3
Minor2
Insignificant1
classificationlevel
Probability
Near certainty9981
Highly likely8061
Likely6041
Unlikely4021
remote200
classificationto %from %
© SAP AG 2003, Title of Presentation, Speaker Name / 70© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 70
Risk Assessment: Example
1. User enters global impact level 3 = ModerateProbability entered: 60% “likely”
2. Step 2 not needed !
Case 2: Total loss cannot be determined
3. User manually selects local impact level 5= Catastrophic
4. System determines Global Risk Level = “M”System determines Local Risk Level = “H”
Impact level
MLLLL0-20%1
Probability
54321
MMLLL21-40%2
HMMLL41-60%3
HHMML61-80%4
HHHMM81-99%5
%level
Global Im
pact
>25.000.000
5.000.000
1.000.000
200.000
0
from €
Catastrophic5
Major25.000.0004
Moderate5.000.0003
Minor1.000.0002
Insignificant200.000 €1
classificationto €level
Local Impact500.000 €
150.000 €
50.000 €
20.000 €
for info, Org. Unit specific
>500.000 €
150.000 €
50.000 €
20.000 €
0
for info, Org. Unit specific
Catastrophic5
Major4
Moderate3
Minor2
Insignificant1
classificationlevel
Probability
Near certainty9981
Highly likely8061
Likely6041
Unlikely4021
remote200
classificationto %from %
36
© SAP AG 2003, Title of Presentation, Speaker Name / 71© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 71
No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice.
Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors.
Microsoft®, WINDOWS®, NT®, EXCEL®, Word®, PowerPoint® and SQL Server® are registered trademarks of Microsoft Corporation.
IBM®, DB2®, DB2 Universal Database, OS/2®, Parallel Sysplex®, MVS/ESA, AIX®, S/390®, AS/400®, OS/390®, OS/400®, iSeries, pSeries, xSeries, zSeries, z/OS, AFP, Intelligent Miner, WebSphere®, Netfinity®, Tivoli®, Informix and Informix® Dynamic ServerTM are trademarks of IBM Corporation in USA and/or other countries.
ORACLE® is a registered trademark of ORACLE Corporation.
UNIX®, X/Open®, OSF/1®, and Motif® are registered trademarks of the Open Group.
Citrix®, the Citrix logo, ICA®, Program Neighborhood®, MetaFrame®, WinFrame®, VideoFrame®, MultiWin® and other Citrix product names referenced herein are trademarks of Citrix Systems, Inc.
HTML, DHTML, XML, XHTML are trademarks or registered trademarks of W3C®, World Wide Web Consortium, Massachusetts Institute of Technology.
JAVA® is a registered trademark of Sun Microsystems, Inc.
JAVASCRIPT® is a registered trademark of Sun Microsystems, Inc., used under license for technology invented and implemented by Netscape.
MarketSet and Enterprise Buyer are jointly owned trademarks of SAP AG and Commerce One.
SAP, R/3, mySAP, mySAP.com, xApps, xApp, SAP NetWeaver and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and in several other countries all over the world. All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves information purposes only. National product specifications may vary.
Copyright 2004 SAP AG. All Rights Reserved
© SAP AG 2003, Title of Presentation, Speaker Name / 72© SAP AG 2004, SAP Operational Risk Management, mySAP ERP 72
Weitergabe und Vervielfältigung dieser Publikation oder von Teilen daraus sind, zu welchem Zweck und in welcher Form auch immer, ohne die aus-drückliche schriftliche Genehmigung durch SAP AG nicht gestattet. In dieser Publikation enthaltene Informationen können ohne vorherige Ankün-digung geändert werden.
Die von SAP AG oder deren Vertriebsfirmen angebotenen Softwareprodukte können Softwarekomponenten auch anderer Softwarehersteller enthalten.
Microsoft®, WINDOWS®, NT®, EXCEL®, Word®, PowerPoint® und SQL Server® sind eingetragene Marken der Microsoft Corporation.
IBM®, DB2®, DB2 Universal Database, OS/2®, Parallel Sysplex®, MVS/ESA, AIX®, S/390®, AS/400®, OS/390®, OS/400®, iSeries, pSeries, xSeries, zSeries, z/OS, AFP, Intelligent Miner, WebSphere®, Netfinity®, Tivoli®, Informix und Informix® Dynamic ServerTM sind Marken der IBM Corporation in den USA und/oder anderen Ländern.
ORACLE® ist eine eingetragene Marke der ORACLE Corporation.
UNIX®, X/Open®, OSF/1® und Motif® sind eingetragene Marken der Open Group.
Citrix®, das Citrix-Logo, ICA®, Program Neighborhood®, MetaFrame®, WinFrame®, VideoFrame®, MultiWin® und andere hier erwähnte Namen von Citrix-Produkten sind Marken von Citrix Systems, Inc.
HTML, DHTML, XML, XHTML sind Marken oder eingetragene Marken des W3C®, World Wide Web Consortium, Massachusetts Institute of Technology.
JAVA® ist eine eingetragene Marke der Sun Microsystems, Inc.
JAVASCRIPT® ist eine eingetragene Marke der Sun Microsystems, Inc., verwendet unter der Lizenz der von Netscape entwickelten und implementierten Technologie.
MarketSet und Enterprise Buyer sind gemeinsame Marken von SAP AG und Commerce One.
SAP, R/3, mySAP, mySAP.com, xApps, xApp, SAP NetWeaver und weitere im Text erwähnte SAP-Produkte und –Dienstleistungen sowie die entsprechenden Logos sind Marken oder eingetragene Marken der SAP AG in Deutschland und anderen Ländern weltweit. Alle anderen Namen von Produkten und Dienstleistungen sind Marken der jeweiligen Firmen. Die Angaben im Text sind unverbindlich und dienen lediglich zu Informationszwecken. Produkte können länderspezifische Unterschiede aufweisen.
Copyright 2004 SAP AG. Alle Rechte vorbehalten