Manage Risk with Three Lines of Defense

by Chris Grundy, Director Product Marketing, SAP

Can you assure that your company proactively and effectively manages risk while meeting an ever-growing number of technological challenges? During a recent SAP Game-Changers radiocast, panelists Ganesh Ram, lead of PricewaterhouseCoopers’ governance, risk, and compliance team; Kevin D. Heckel, director of the cyber risk services area at Deloitte & Touche LLP; and Jérôme Pugnet, senior director of product marketing for GRC solutions from SAP, discuss how technology can enhance the “three lines of defense” model.

Protect your business from becoming obsolete

Ram challenges companies to consider complex third-party relationships that keep your suppliers and consumers interconnected in a massive technology-driven ecosystem. He states that the three lines model helps ensure that a business can sustain all challenges it faces. So what do the lines look like?

  1. Operational management teams that run the business from the front lines
  2. Risk management and compliance functions to implement and monitor effective risk management practices and robust internal controls
  3. An internal audit or oversight function that ensures the management team is performing its job properly

These are supplemented by external auditors, who provide advisory support as experts with fresh eyes and no bias (sometimes qualified as “the fourth line of defense”).

According to Ram, most companies place too much importance on the first line and not enough on the second two. “It’s worth reflecting on whether your focus is on what really matters from a risk management perspective – and if investments in risk management and lines of defense give you the return that you plan for,” he posits.

Manage risk for the right reasons

Heckel muses on how risk has evolved from a necessary evil to a major business driver at the board level. However, he cautions, “It’s not a value. It’s a cost to the overall compliant agency. What are you doing and why are you doing it? Are you doing it for the right reasons?”

Pugnet explores these questions, citing social media as a prime reason for expanding a business’s outlook on what risk really means. A company’s reputation can suffer serious damage in just minutes if a negative post goes viral.

The challenge, according to Heckel, is to be resilient and respond quickly and appropriately to such situations. You want to do whatever it takes to keep customers or avoid ending up in the headlines for the wrong reasons.

Achieving balance

Ram thinks it’s important to treat governance, risk, and compliance as a balancing act, and to use the three lines model as a strategic advantage instead of a crutch or a reason to avoid any risk at all.

Such balance is most critical when expanding your business, according to Pugnet. If you acquire a new company, you need to cover the requirements across the three lines of defense. This necessitates bringing this company into the overall compliance system – a challenging endeavor. You might find that existing systems are not scaling very well, which creates additional work without available resources. That’s when it’s important to turn to those second and third lines of defense – which can include technology that streamlines processes and catches oversights before they become massive issues.

Finally, the panelists agree that risk and control are often approached as separate silos with a significant amount of overlap. By working collaboratively across those lines of defense to reduce redundancy, you can cut your overall compliance cost. To learn more about the three lines of defense, listen to the full radiocast.

The Top 3 Trends in Business Planning

by Gary Cokins 

In my prior blog, I described the three categories that are foundational for effective business planning: destination/purpose, information access, and integration. What are the trends with these three categories?


Business plans are derived from a vision and mission

The primary responsibility of the C-suite executives is to establish strategic direction by answering the question, “Where do we want to go?” Their answer will depend on the vision and mission of the organization. An organization’s mission statement does not always need to be the oftentimes hollow words displayed on the wall of the company’s entry lobby (e.g., “We will be the best …”). It can be simpler. For example, in the 1980s when Bill Gates said “A computer on every desk,” Microsoft employees understood his vision and their mission.

The trend in this first category involves answering a second follow-up question, “How will we get there … to where the executives want to go?” The digital vehicle to achieve and execute the C-suite’s strategy is the integration of the various components of the integrated business planning (IBP) framework. These include strategy maps; product, channel, and customer profitability reporting and analysis; driver-based rolling financial forecasts; enterprise risk management (ERM); and lean and quality management techniques for process improvement. Each component should have analytics embedded in it.

Access to information

Many organizations are drowning in raw transactional data but starving for information. The trend in this category involves converting data into information. This is typically accomplished via modeling.

For example, a one page strategy map is a model of the executive team’s strategy. The process of costing to calculate individual customer profit and loss (P&L) statements is accomplished by modeling how resource expenses (e.g., salaries, supplies) are causally and proportionately consumed as calculated costs of outputs.

Associated with this trend is the emergence of business analytics. What analysts want are two capabilities: (1) easy and flexible access to data; and (2) the ability to manipulate it. The IBP framework enables this via the trend I describe below.

The integration of the IBP framework’s component methods

The more seamless the integration of the IBP framework’s components, the better will be an organization’s performance. The trends in this category involve cloud-based planning, real-time information flows, and analytics.

  • Cloud-based computing – the attractiveness of remote computing power and storage over on-premises computing, maintenance benefits and the ability to easily extend use to enterprise users is commonly accepted today.
  • Information flows – transactional data and its conversion into information today can flow bi-directionally between business operation systems (production, logistics, and customer demand) and financial systems (profit reporting, budgeting, rolling financial forecasts). And the flows can be in real-time (or near real-time) refreshed at short term time intervals.
  • Analytics – The more savvy companies now embrace analytics as a competitive advantage. The goal of analytics should be to gain insights and foresight and solve problems, to make better and quicker decisions with more accurate and fact-based data, and to take actions.

Future trends in business planning?

In a future blog I will answer this question of future trends in business planning. But for now consider that if you can imagine a digital capability, then it will eventually (and soon) be realized.

Join me at the SAP Conference for Financial Planning, Consolidation and Controls in Las Vegas 10-11 November, where I’ll be delivering a presentation on performance and risk management. I hope to see you there!  




About the Author: Gary Cokins, CPIM


Gary Cokins (Cornell University BS IE/OR, 1971; Northwestern University Kellogg MBA 1974) is an internationally recognized expert, speaker, and author in enterprise and corporate performance management (EPM/CPM) systems. He is the founder of Analytics-Based Performance Management LLC. He began his career in industry with a Fortune 100 company in CFO and operations roles. He then spent 15 years in consulting with Deloitte, KPMG, and EDS (now part of HP). From 1997 until 2013 Gary was a Principal Consultant with SAS, a business analytics software vendor. His most recent books are Performance Management: Integrating Strategy Execution, Methods, Risk, and Analytics and Predictive Business Analytics.


5 Top Tips for Vegas

By Chris Grundy, Director Product Marketing, SAP

As you know from my earlier blog, for many months now I and my colleagues here at SAP, along with a team from conference organizers TA Cook, have been preparing for our next event, the SAP Conference for Financial Planning, Consolidation and Controls. This is the new name for what was previously known as the SAP Conference for enterprise performance management (EPM), because this year we’ve expanded our content to not just focus on EPM, but also upon GRC (governance, risk and compliance). So, with just seven weeks to go until the event starts on 10 November in Las Vegas, I thought it was high time I wrote a little something about what attendees might look forward to seeing and hearing this year, especially given the fact that we’re going to be joined by a number of industry analysts and thought leaders, along with many SAP customers ready to tell us about their experiences in implementing and using software solutions.


So here are my 5 top tips for sessions and speakers to see (and hear) at the conference in Las Vegas this November:

  1. Keynote panel day 1. Not one, not two, but three special guests join for what should be a hugely informative panel discussion during the day 1 keynote. Guests include Doug Henschen of Constellation Research, Scott Mitchell of OCEG and Brian Kalish of AFP Online. I’m really looking forward to hearing the opinions of this panel of industry experts and thought leaders on the topic of what’s driving Finance and the role of the CFO.
  2. Ray Wang day 2 keynote. I almost need say no more, as Ray is such a well-known observer, researcher and thought leader in the technology arena, being Principal Analyst & Founder of Constellation Research. Ray’s keynote “The secret to the future of planning” is sure to be topical, insightful and one might even hope he’ll throw in a few surprises to really get us thinking. A great reason to get back to the conference center and grab a good seat for this early session on day 2!
  3. Gary Cokins day 1 presentation. I had the pleasure of meeting Gary last year at the EPM Conference in Chicago, when he presented one of the keynotes, and since that time we’ve worked together on a number of projects, mostly related to blogging. An experienced practitioner, consultant, author, speaker and prolific blogger, Gary has vast experience in the area of performance management. I’m always impressed with Gary’s ability to express complex issues in interesting and thought-provoking ways, and the session at this year’s conference towards the end of day 1, where he will examine performance and risk, should really get the brain cells working again. And to top it off, straight after Gary’s session we have a networking reception where Gary along with other conference speakers will be happy to chat with conference attendees in a more relaxing atmosphere.
  4. Bjarte Bogsnes of Statoil day 2…and many other customers too! It’s terrific to see Bjarte on the conference agenda this year, ready to tell the Statoil experience around performance and risk. He’s a great conference speaker, very articulate and engaging and sure to give a great presentation. But of course he’s not the only customer speaker at the conference, and I’m also eager to hear presentations from Sysco, ServiceNow, Maxim Integrated, Southern California Edison as well as SAP over the two days of conference.
  5. Workshops. For those of you who like to dive deep into your solution areas, three workshop topics are on offer at the event this year: FP&A, Integrated Planning and GRC. Led by solution and domain experts, these sessions are intended for attendees who want to absorb a more detailed understanding of solution strengths and capabilities – but be ready to get your thinking caps on as you’re likely to be challenged with practical examples to work through at some point!

And of course many SAP-led sessions and excellent networking opportunities throughout the event and into the evening of the first day of the conference.

I am truly looking forward to the event this year, and to the opportunity to meet and speak with the many people attending the conference. Of course I shall be reporting back to you from the event – so if I don’t see you there, you’ll be sure to hear from me afterwards!




Can You Afford to Procrastinate on Adopting the New Revenue Recognition Standards?

by Pete Graham

Revenue recognition might be the most important item on your business’s financial statement – and it’s about to radically change. A newly converged standard of revenue accounting is coming at financial organizations like a freight train. IASB and FASB have merged accounting standards – detailed in 700 pages of new rules. The changes are so seismic that companies are being given a little over two years to put the rules in place.

In a recent SAP Game-Changers radiocast, panelists Chris Smith of capital markets and accounting advisory services at PwC; David Ferguson, director in the consulting technology service area at Deloitte; Pete Graham, director in finance solutions and enterprise mobility at SAP; and Julie Zielke, a partner in EY’s financial accounting advisory services practices in Chicago, discuss the potential impact of these new regulations.


No time like the present to plan for the future

The new revenue recognition guidelines require substantial disclosures around revenue – requiring different, enhanced preparation of computations and data, particularly for companies with long-term contracts. They’re currently set to take effect in December 2017 for U.S. public companies and January 2018 for companies that use IFRS standards.

Smith details the challenges that companies face in the area of revenue recognition:

  • Everyone in the company has an opinion about it because it drives compensation and other crucial metrics.
  • Revenue recognition touches many of the organizations outside finance, such as sales, tax, and IT. Because of the strict rules in the U.S., revenue recognition has either constrained or driven the way some businesses go to market.

Ferguson urges companies not to count on the year-long reprieve they’ve been given. He maintains that time is still of the essence. There are significant impacts within the organization to the financial statements and the tax reporting that can affect compensation, goals, and metrics within the firm.

No need to do it all at once

Because the change is so large and drastic, the experts agree that implementing the new standards and adjusting to their effects will be an iterative process. Ferguson states that the rules will likely continue to refine themselves over time. Also, many of the companies can change the way they write their contracts between today and the implementation time.

Smith details how challenging the new standards will be for U.S. companies because of the strict regulatory environment and how much importance they place on revenue recognition. American businesses are hesitant to make guesses or estimates where that number is concerned because it has a domino effect on so many other areas of the business.

So what measures should you take now to make the conversion a success later?

  1. Create a clear policy that IT can use to scale a large number of transactions.
  2. Undertake a comprehensive education program that brings the investor community up to speed on what this revenue recognition shift means to them.
  3. Participate in peer conversations and industry collaboration across companies that can help everyone adjust and thrive.


To learn more about how you can prepare for the new revenue recognition standards, listen to the full radiocast.

Be A High-Performing Finance Department, Part 2: Help Your Employees Succeed With Essential Capabilities

By Nick Castellina, Research Director, Aberdeen Group

In my last blog in this series, I illustrated the reasons that successful finance functions must transform as they become even more integral to overall business success. This week I’d like to show you how this transformation can actually be accomplished.


I mentioned that in top-performing organizations, executives commit to financial transformation and push that down through the organization. It is their job to communicate these strategies and to provide the technologies and capabilities I have outlined below.

Financial transformation requires a strategy that will lead to changes to the business. But where to start? The number-one strategy of Best-in-Class (50%) is to conduct an internal investigation of financial processes and technologies. This is why organizations that commit to financial transformation are more likely to implement technologies that improve the organization’s ability to execute on its financial goals. This starts with an end-to-end business suite, but extends to individual functionality tailored to handle individual finance disciplines. For example, organizations that commit to financial transformation are 2.5 times as likely to have a financial controls solution. Note that a majority of organizations that commit to financial transformation have implemented business analytics. These tools enable users to interact more effectively with data and use it to make transformative decisions.

Table 1: Key Technologies


Unfortunately, simply having a solution that can help to record and share financial data while automating processes may not be enough in the current environment. My report “In-Memory and Social Business: Coming Soon to your Large Enterprise” found that leading large enterprises are already 27% more likely than followers to have in-memory analytics technology, with another 42% planning to implement this technology in the near future (Figure 1). In-memory analytics is a way for organizations to consume the increasing amount of data that they are exposed to. Querying large data sets can be handled in random access memory (RAM), resulting in quicker access to reports and analysis. This is important to large organizations with millions of transactions and interactions as they attempt to analyze data and processes in real time to react to trends and monitor compliance. It is also important for individual business functions as they attempt to transform their operations to become more effective.

Figure 1: Consider In-Memory


For organizations that are focused on financial transformation, in-memory analytics can provide some interesting benefits. There are process improvements to be gained as well as a better ability to provide information for decision-making. These benefits could include:

  • Centralized financial data for ease of access
  • Improved compliance monitoring on a real-time basis across a larger enterprise
  • More dynamic, agile, and accurate plans and budgets
  • A better ability to take advantage of available cash
  • Quicker financial close
  • Ability to connect financial and operational data for more valuable insights

This environment is perfect for introducing transformation across an organization. In fact, my research has proven that organizations that commit to financial transformation are more likely to have implemented a variety of capabilities. As shown in the chart below (Figure 2), the most essential capabilities fall into a few main categories.

Figure 2: Transformative Capabilities


  • Real-time data repositories. In order for organizations to report effectively, remain compliant, and support the line of business it is important to provide an easily accessed, sharable, and accurate picture of financial information. Organizations that commit to financial transformation are 3.2 times as likely to have real-time updates to financial metrics. Further, 72% of those organizations store this information in a centralized repository.
  • Collaboration. Finance is morphing into an essential source for organizational decision-making. Additionally, transformative organizations understand that communicating with the extended enterprise (including regulatory bodies) is essential for business success. Transformative organizations enable collaboration both inside and outside of the organization with finance.
  • Streamlined processes. In a modern environment, finance must be a well-oiled machine. Aberdeen’s research finds that transformative organizations have tools in place that ensure compliance, automate financial processes such as tax calculations, introduce emerging technology such as mobile, and enable the individual functions within finance to succeed.
  • Support for change. Innovation and change are, of course, core components of transformation. Organizations that commit to financial transformation are 2.2 times as likely to have business solutions that can be easily tailored to reflect business change.

By implementing these capabilities and technologies, top-performing finance executives provide a platform for their finance department. If your organization implements them, you will be amazed by the improvements you will see in a variety of essential metrics. In fact, my research has uncovered quantifiable benefits as a result of a financial transformation strategy (click here to see an infographic highlighting this research). To learn what I found, check back soon for a blog where I will reveal those benefits and give you some final tips to achieve them.



What Top Execs Are Saying about Managing Risk in the Age of Complexity

by Babak Ghoreyshi, Global Marketing Program manager at SAP

Finance executives know that risk is inevitable, but there is a significant debate over how an organization can make the best business decisions to seize opportunities while avoiding the risk. Businesses need to be agile enough to proactively deal with external risks as well as potential risks as they develop. Market leaders consistently find a way to contain risk and comply with regulations while leading the organization in identifying more profitable ventures.

In the spring and summer of 2015, a survey of more than 1,000 finance executives with responsibility for governance, risk and compliance (GRC) was conducted by Loudhouse and sponsored by SAP. The resulting report on GRC best practices is titled “Managing risk in the age of complexity.”

This white paper revealed that a combination of increasing risk and regulation complexity is the single largest pressure felt by GRC professionals around the world today. As that pressure grows, these executives have sought to establish reliable methodologies for strategically balancing risk and opportunity.

Key insights

Just 10 percent of the survey participants were satisfied with their GRC tools and technologies and stated that they have adequate GRC tools, technologies, and processes in place. The same goes for keeping pace with future growth: only 10 percent are fully satisfied that these tools, technologies and processes will keep pace with future growth. As a result, companies are leaving themselves open to risk. The report found that the biggest problems arising from GRC failures are loss of business or revenues, business disruption and damage to the company reputation. That means that the companies which are most vulnerable to risk are those where brand value is a central component of the company’s valuation. For all businesses, the core message is that risk has to be contained more quickly than ever before.


The GRC Landscape

Compliance and regulatory requirements have become more complex over the past five years for 81 percent of the respondents. Finance executives participating in the survey identified the top five risk centers as the primary sources that will be growing over the next two years:

  1. Competitive forces (42 percent)
  2. Control failures (41 percent)
  3. Financial and economic issues (36 percent)
  4. Employee performance (36 percent)
  5. Consumer behavior (35 percent)

Another fascinating observation was the emerging split in what GRC experts see as their top concerns. Just over half (57 percent) are more concerned with external risks while 43 percent look at internal risks as more crucial. Organizations in Europe and the U.S. tend to consider the main risks as external, while South African and Japanese companies expressed a greater concern for internal risks.


GRC Pain points

The main pain points associated with GRC have to do with a fragmented vs. a more unified approach, which leads to a lack of visibility if there is no integration of risk and control, reporting, accessing and using necessary data. Access to a single source of truth can enable enterprises to reach the goal of turning data into knowledge in planning at the highest levels.

Although issues related to GRC are more closely now across all departments, only 10 percent say that GRC practices are embedded throughout the business. The US leads the world in siloed systems for approaching GRC problems, with three out of four companies pursuing a fragmented approach. Japan is close behind at 73 percent of companies and the UK is in third place with 72 percent. More intelligent unified platforms are widely accepted in Brazil, at 43 percent of companies, with Germany close behind at 42 percent taking a centralized approach to GRC.

The most surprising statistic of all is that two out of three companies worldwide (65 percent) are not even able to quantify or qualify their current risk exposures. That is a perilous place to operate and the majority of companies are simply unprepared for current risks, let alone what’s coming next.

Moving Forward with GRC

GRC needs to evolve now and add more value to the business. That statement found agreement among three out of four companies in the survey. The way to do that is to standardize processes, reduce costs and bring greater strategic value to the bottom line. Here are the top priorities, fairly evenly split, that companies identified as areas GRC must address over the next twelve months:

  • For 42 percent it’s “improving consistency”
  • For 41 percent it’s “earlier identification and management of risks”
  • For 39 percent it’s “improving GRC efficiency”
  • For 37 percent it’s “improving GRC performance and strategic value”


A 5 Point Plan for GRC Practices

Here are the best practices that have emerged as a result of the survey:

Point 1. Make a case for the strategic value of GRC. – Don’t wait for CEOs to see the strategic value of GRC.

Point 2. Make a decision about who’s responsible. – Award ownership of the process and make someone accountable.

Point 3. Seek a holistic, future-proof solution. – Create a scalable architecture for addressing GRC in the future.

Point 4. Drive cultural change. – The entire organization must respect the importance of GRC in commercial success.

Point 5. Do it now. – The consequences of delay are too serious to ignore.

Get the Report

The most advanced GRC tools today can deliver confidence, drive better performance and expand accountability within your organization. Download “Managing risk in the age of complexity,” for a detailed analysis of all these issues and assure that your organization is deploying the best practices in managing GRC for the future.


Be A High-Performing Finance Department Part One: The How’s And Why’s Of Financial Transformation

By Nick Castellina, Research Director, Aberdeen Research

We’ve reached a new era for top performing finance departments. No longer is finance solely viewed as an operational function that serves the specific purpose of managing transactions, finance reporting, and compliance. Instead, the role of finance is now as a valued partner in strategic decisions as well as a potential source of efficiency, cost savings, and profitable growth. With this enhanced role comes a variety of challenges. Finance organizations must step it up in order to meet the needs of the rest of the organization while continuing to run effectively. But don’t take my word for it. Let’s take a look at some of the how’s and why’s of financial transformation that organizations report.

My recent Excellence in Financial Management study asked survey takers to indicate the top challenges facing them today (Figure 1). Finance is under significant pressure to deliver financial information to key stakeholders both internally and externally. On the one hand, many employees outside of finance finally understand the importance of its function and the information it can provide. Unfortunately, enabling collaboration while completing financial processes is easier said than done. Due to changing regulations, increased amounts of data, and organizational complexity, varying financial processes are too long and resource intensive. This brings increased cost and puts the organization at risk for inaccurate information and the negative effects of noncompliance. Clearly, more importance than ever is being put on the finance function. In order to keep up, this function needs to improve the way it operates. There is an opportunity to make intelligent changes that will make these challenges into attributes.

Figure 1: Top Challenges in Finance


In response to these pressures, 86% of Best-in-Class organizations have ensured that they have executive commitment to financial transformation (Figure 2). This commitment needs to come from the top of the organization in order to ensure that it is driven down and executed both inside and outside of finance. But what does financial transformation mean? It means altering the processes and technology that typically make up finance. This transformation must address the pressures noted above in order to induce collaboration, enable data reporting and sharing, and facilitate and remove the costs from financial processes. Ultimately, top performers accomplish transformation by changing the way things work today.

Figure 2: Best-in-Class Commit to Transformation


Aberdeen has uncovered a series of best practices that help organizations to completely transform their finance departments (click here to see an infographic highlighting this research). This blog is the first in a series that will help you to determine the best course of action as your finance department embarks on this journey. Next time, we will uncover the technologies and capabilities that organizations that commit to financial transformation have implemented. In the third entry, I will illustrate some of the tangible benefits that organizations have experienced as a result of transformation and summarize a series of recommendations. Check back here throughout this series, and share it with the rest of your department to encourage and embrace financial transformation.