Are You Seeing the Signals? How Finance Analytics and KPIs Can Help CFOs Guide the Way

by Henner Schliebs, Head of Finance Audience Marketing 

Have you ever taken a close look at your dashboard when the car computer displays key performance indicators (KPIs)? No? Yes, but not really? I am confident in saying that 99.9% of you will answer with a “not really” type of response, as there are many misleading, so-called KPIs that don’t provide guidance to make the right decision. I can’t understand why customers/drivers of cars have not yet complained about being misled. And I’m surprised they haven’t sued manufacturers for astronomical amounts of money in countries like the U.S. where this is a practice that can get downright bizarre (like this case about a toilet paper injury). Here’s some rules to follow to keep your KPIs from going wrong.


Make Sure That Your KPI Is Sufficient to Guide a Decision

I recently took a look at the mileage on my truck and was surprised how the MPG rocketed up when I took my foot off the gas. So if I see MPG as a leading indicator to optimize my trip, I would never arrive at my desired destination, as I’d stop to max out on MPG. (See the picture of my car’s computer display showing above-average mileage – Italian Trucks rule!)

So, in financial taxonomy this would translate into something like a famous saying, “Zero budget is not an option.” Don’t focus on cost exclusively without having the broader goal (like margins improvement) in mind. You can’t cannibalize outcome with cost reduction—at least you’d have to achieve the same outcome at reduced costs.

Your analytics have to provide insight into the root cause for your indicators to optimize. In this case, it’s margins in the means of a decision tree, a value map, or the like so you can see the immediate outcome of any planned action. Simulation and prediction would be needed, combined with visualization of the context, in order to make it understandable for your executives and stakeholders.

Make Sure Your KPI Is Taking All Known Information into Consideration

To stick with the road trip example, I don’t understand the GPS producers being so ignorant of the value of including some kind of data mining into their offerings. The GPS knows the distance, the type of roads followed, the time of the day, and the season you’re in (like wintery conditions that might influence the trip).

It could know how many miles in which conditions you can go per gallon—or even pull this information from the car computer if it’s an integrated system. It could measure how much time you’d take to fill your car up at the gas station. Since it can measure how long you’re there, it can even deduce if your stop is for gas or just to pick up a six-pack on your way home from office.

So, assuming you want to go on a longer trip, say from San Francisco, CA to Austin, TX, why can’t the GPS guide you to the optimal speed to arrive at your next stop as soon as possible? This would take typical “bio breaks” into consideration (info available when you usually stop besides the freeway), gas stations to fill the car, projected traffic jams due to rush hour in metropolitan areas (Los Angeles!!!!) and the like. It could even run simulations like “If you go 70 mph instead of 85 mph you’d manage to get to your stop with this one tank…”

Sound familiar? So, let’s translate this into finance, using the planning process for example. You have all long-term planning information available, including the company’s strategic plan and the related KPIs (hopefully clear and leading ones as mentioned before), and all good information from any kind of ERP-like system. Also, you might have the plans from other areas like product sales plans, workforce plans, production plans (if applicable) and cost center plans. This would all be needed to arrive at an integrated business plan, driven by the long term financial plan.

You now would have almost all the ingredients to simulate outcomes based on different distributions of funds available for the current planning period. You won’t get trapped into pitfalls like having to pull additional funds into this planning period although served for later period use (having to stop at the gas station). You’d see how budgetary decisions would influence achievement of your company’s targets and would uncover potential correlations between driving indicators and outcomes (like HR development vs. hiring ofexternal people going through the value chain arriving at optimized investment in your workforce).


Don’t omit these factors, since they’re contributing to your KPIs. Even worse, there are correlations between factors that you can’t easily figure out but would have to use statistical algorithms. For example, what makes a certain customer pay on schedule vs. being an “overdue receivable”? This is not as easy to understand as the famous “There is a correlation between sales of ice cream and shark attacks” example. But to find a causation and guide the way, you need tens or even hundreds of dimensions correlated.

What Does this Mean for You?

Things that are obvious for you as a driver of a car and that you take into consideration when planning your road trip are not as easy to uncover in your professional life as a finance expert, as many more dimensions are affecting business performance. Given that the additional charter of any mature finance organization is to provide excellent service to the other business functions within your organization, it’s your duty to support the cost center manager, the sales executive, and last but not least, every employee by providing them with relevant and contextual finance data that enables better and fact-based decisions.triangle

In addition, sophisticated finance analytics uses the support of visualization and predictive functionality to guide the way through the core finance tasks around financial planning and analysis, accounting, treasury, operations, and even risk management, compliance and audit functions. It helps achieve more with less—operational excellence at reduced cost by supporting every finance function to deliver on the promise of simple data and intelligence provision for the whole organization.

This means that the finance function of tomorrow has a new credo: Be a partner to the company and support to differentiate from your peers, add value to the bottom line, and strategically consult the executive leadership team of your company to achieve sustainable growth.

Three Lines of Defense: Claiming a Seat in the Digital Boardroom

by Bruce McCuaig, Director, GRC Product Marketing

SAP recently announced SAP Cloud for Analytics, a planned software as a service (SaaS) offering that aims to bring all analytics capabilities into one solution for an unparalleled user experience (UX). The intent is for organizations to use this one solution to enable employees to track performance, analyze trends, predict, and collaborate to make informed decisions and improve business outcomes.

To me this sounds a lot like the mandate of governance, risk and compliance.

The Digital Boardroom

At SAP we’ve already begun to imagine a digital boardroom. As part of our Analytics business, my colleagues and I in governance risk and compliance (GRC) are keenly aware of the contribution our solutions can make to improving business decisions and business outcomes. But is the world of GRC ready for the digital boardroom?

And if the Three Lines of Defense is the framework we are advocating, what can we digitize for the digital boardroom? There is plenty of literature on implementing the Three Lines of Defense. I am basing much of this blog on the IIA’s guidance. However, this does not provide guidance on what to report or how to report it.

Five Requirements for Claiming a Seat at the Digital Board Room

  1. Reporting by the first line of defense – operating management

Operational management is responsible for maintaining effective internal controls and for executing risk and control procedures on a day-to-day basis. How can this be reported? One of my colleagues mocked up the report below. It illustrates a possible report on the management of controls in a particular area. It’s a useful beginning. But if the digital boardroom is supposed to drive better outcomes, we need to find a way to illustrate the impact of controls on performance.

Figure 1


  1. Reporting by the second line of defense – risk management and compliance

Management establishes various risk management and compliance functions to help build and/or monitor controls for the first line of defense. What would it take to understand the effectiveness of first line of defense controls? A few years ago, I mocked up a simple app that aggregated losses and incidents by risk category. The best way to understand control effectiveness is to understand the losses and incidents that occurred. If the second line of defense classifies the root cause of the issues and losses, the Board can make intelligent decisions and come to sound conclusions. Right now the Board gets subjective opinions on control effectiveness from assurance providers. Control effectiveness opinions are not comforting to me. They make sense only when objective information is not available. I would prefer the facts and I believe the Digital Board wants its facts digitized.

Figure 2


  1. Reporting by the third line of defense

Internal auditors provide the governing body and senior management with comprehensive assurance based on the highest level of independence and objectivity within the organization. So how do we digitize “assurance”? I have asked myself this question for years. In my view internal audit can add value by “painting a picture” of the world of governance, risk and compliance. One way to do this is by showing how the organization conforms to a set of criteria.

There are many criteria. The Committee of Sponsoring Organizations (COSO) provides one. The International Standards Organization (ISO) provides others. OCEG provides yet another, specifically the GRC Capability Model, a detailed set of criteria designed to help organizations achieve principled performance.Figure 3

The Role of Analytics

Reporting to the digital boardroom will require classifying and tagging information and then slicing, dicing, and visualization. That is what analytics tools and BI solutions do. It is close to the opposite of reporting on control and risk effectiveness. It is reporting on control and risk facts. Nothing less will do.

Uncharted Territory

The digital boardroom will take the Three Lines of Defense and GRC generally into uncharted territory. If we as GRC professionals have anything to say, it had better be digital and it had better be useful.

As always, I am interested in your comments. The Three Lines of Defense concept is far from perfect but as I have suggested in my earlier blogs it is a sound basis for collaboration and a fine starting point.

How do you report on GRC topics to your Board today? Do they read your reports? Are they visual? What do you see in the future?


The Integration of Enterprise Risk Management (ERM) and Enterprise Performance Management (EPM)

by Gary Cokins

Businessman analyzing pie chart on digital tablet

Governance and compliance awareness from government legislation such as Sarbanes-Oxley in the US and Basel II is clearly on the minds of all executives. Accountability and responsibility can no longer be evaded. If executives err on weak compliance, they can go to jail. As a result internal audit controls have been enhanced. The popular acronym that addresses this is GRC for governance, risk, and compliance. From the perspective of enterprise performance management, one can consider governance (G) as the stewardship of executives to behave in a responsible way, such as providing a safe work environment or formulating an effective strategy; and consider compliance (C) as operating under laws and regulations. Risk management (R), the third element of GRC and often referred to as enterprise risk management (ERM), is the element more associated with enterprise performance management (EPM).

Some organizations are beginning to integrate ERM and EPM. In a little under two weeks’ time I will be presenting this topic as a keynote speaker on November 10 in Las Vegas at the SAP Conference for Financial Planning, Consolidation and Controls. I shared some of my thoughts about technology and reasons for speaking at this conference in an interview recently, but as I shall be covering a broad topic area in my conference presentation concerning the integration of ERM and EPM, I decided to write a little more about this now, before heading to Las Vegas, as a scene-setter in many ways for what I’ll speak about there.

You may think that this theme is a little out of step with the themes running through my recent blog series, as this blog is the final one of 8 blogs in the 2015 Summer/Fall series of my SAP blogs. I hope you’ll see however that there is merit for bringing this topic to the forefront of thought again, as to my mind there’s a very clear link between innovations in planning and analytics in the Cloud and how these might be integrated with an approach to risk management. A limitation to this integration to date has not necessarily been owing to a lack of interest, understanding or willingness to do this, but rather that the actual methods have been cumbersome and sometimes complex, especially when viewed from a technology standpoint. But that’s changing. Technology is becoming easier, simpler to use and the once distinct disparity between functional capabilities in Analytics, EPM and ERM are starting to blur and fade away, to be replaced by clear lines of vision, collaboration and unison. So if we can remove the “how” as a barrier to integration, let’s consider the “why”, because this is how we’ll stimulate businesses to invest serious time and energy in taking risk informed planning decisions as a part of their normal business processes. For this let’s go back to basics.

The integration of ERM and EPM

EPM is now more correctly being defined as a much broader umbrella concept of integrated methodologies – much broader than its previously misperceived narrow definition as simply being dashboards and better financial reporting. What could possibly be an even broader definition? My belief is the EPM methods are only a part – but a crucial, integral part – of how an organization realizes its strategy to maximize its value to stakeholders, both in commercial and public sector organizations. This means that enterprise EPM must be encompassed by a broader overarching concept – enterprise risk-based performance management – that integrates EPM methods with enterprise risk management (ERM).

The “R” in GRC has similar characteristics with EPM methods. The foundation for both ERM and EPM share two beliefs:

  1. The less uncertainty there is about the future, the better.
  2. If you cannot measure it, you cannot manage it.

The premise here is to link risk performance to business performance. Whether EPM is defined narrowly or ideally more broadly, for most organizations it does not embrace risk governance. It should. Risk and uncertainty are too critical and influential to omit. For example, reputational risk caused by fraud (e.g., Tyco International), a terrifying product-related incident (e.g., Tylenol), or some other news headline grabbing event can substantially damage a company’s market value.

Is risk an opportunity or hazard?

ERM is not about minimizing an organization’s risk exposure. Quite the contrary, it is about exploiting risk for maximum competitive advantage. A risky business strategy and plan always carries high prices. For example, what investment analysts do not know about a company or they have uncertainty or concerns will result in adding a premium to capital costs and discounting of a company’s stock value. Uncertainty can include accuracy, completeness, compliance, and timeliness in addition to just being a prediction or estimate that can be applied to a target, baseline, historical actual (or average), or benchmark.

Effective risk management practices counter these examples by being comprehensive in recognizing and evaluating all potential risks. ERM’s goal is less volatility, greater predictability, fewer surprises, and arguably most important the ability to bounce back quickly after a risk event occurs.

A simple view of risk is that more things can happen than will happen. If we can devise probabilities of possible outcomes, then we can consider how we will deal with surprises – outcomes that are different from what we expect. We can evaluate the consequences of being wrong in our expectations. In short, ERM is about dealing in advance with the consequences of being wrong. Risk can be viewed as having an opportunity that can be beneficial in the future in addition to risks viewed as hazards. For example, a rain shower may be a disaster for artists at an outdoor art fair while being a huge break for an umbrella salesperson. What risk and opportunity both have in common is they are concerned with future events that may or may not happen, their events can be identified but the magnitude of their effect uncertain, and the outcome of the event can be influenced with actions.

Problems quantifying risk and its consequences

Risk is usually associated with new risk mitigation expenses because they may turn into problems. In contrast, opportunity can be associated with new economic value creation, such as increased revenues, because they may turn into benefits.

Most organizations cannot quantify their risk exposure and have no common basis to evaluate their risk appetite relative to their risk exposure. Risk appetite is the amount of risk an organization is willing to absorb to generate the returns it expects to gain. The objective is not to eliminate all risk, but rather to match risk exposure to risk appetite.

ERM is not simply contingency planning. That is too vague. It begins with a systematic way of recognizing sources of uncertainty. It then applies quantitative methods to measure and assess three factors:

  1. The probability of an event occurring
  2. The severity impact of the event
  3. Management’s capability and effectiveness to respond to the event

Based on these factors for various risks, ERM identifies the triggers and drivers of risk (measured as key risk indicators or KRIs), and then it evaluates alternative actions and associated expenses to potentially mitigate or take advantage of each identified risk. These actions should ideally be included during the strategy formulation and re-planning process and reflected in financial projection scenarios – commonly called “what if” analysis.

The three types of risk

There are three categories of risk. EPM is involved the second category as described next.

Preventable Risks – These are unauthorized employee actions or breakdowns in standard operating procedures. This category of risk can be reduced by:

  • Communication of “Codes of Conduct” and mission and vision statements
  • Strong compliance practices (e.g., internal controls like “segregation of duties,” internal audit, standard operating procedures, whistle blowing promotion)

Strategy Execution Risks – In this category risks are taken to execute the CXO executive team’s strategy to generate superior returns. Examples are: credit risk, R&D programs, and hazardous environments. These types of risk cannot be reduced to zero. Their likelihood of occurring can be reduced or effectively contained should they occur.

External Risks – This category of risk is caused from uncertain, uncontrollable external events that cannot easily be predicted or influenced. Managers often “don’t know that they don’t know.” Scenario exercises can identify risks. However, if these types of risks can be envisioned, then risk mitigation actions can be taken. Examples are: building earthquake or flood-proof structures; backup data centers in distant locations; and insurance, hedging, and diversification.

Risk managers – friend or foe to profit growth?

Unfortunately this topic has a dark edge. A report of The Economist Intelligence Unit sponsored by ACE, a global insurance company, and KPMG is titled, “Fall guys: Risk management in the front line.”[1] In the report, a risk manager claims he was fired for telling his company’s board of directors that too much risk was being taken. Did management want to ignore a red flag of caution to pursue higher profits? The broader question involves how strategy planners view risk managers. Are they profit optimizers or detractors?

The Economist report was a result of extensive surveys and interviews. The impact of the 2009 global financial sector meltdown was clearly top of mind for the respondents. The report highlighted that risk management and governance policies and structures require increased authority, visibility and independence. However, planned increases in investment and spending for them are typically modest, if any. This is not a good sign. The reality is that the natural tension and conflict between the risk functions and a business’ aspirations for higher profit growth remains present.

Invulnerable today but aimless tomorrow

Will increasing interest in including to integrate ERM with EPM methods continue or be a temporary phase? Hopefully, the interest will be permanent, but there are impediments. Business line managers may continue to view the risk function as a mechanical brake slowing the gas pedal of sales and profit growth. Also, technical knowledge and experience by boards of directors and executives may be inadequate to fully understand how to integrate ERM with EPM.

On a positive note, risk management is gaining influence and using more structured modeling and analytics software. Managers are creating a richer organizational culture for metrics and risk awareness that considers opportunities, not just threats.

I continue to be intrigued by the fact that almost half of the roughly 25 companies that passed the rigorous tests listed in the once-famous book written in 1982 by Tom Peters and Robert Waterman, In Search of Excellence, today either no longer exist, are in bankruptcy, or have performed poorly. What happened in the 32 years since the book was published? My theory is that once an organization becomes quite successful, it becomes averse to risk taking. Taking risks, albeit calculated risks, is essential for organizations to change and be innovative.

Is the today’s risk manager going to continue to be the fall guy? Not if those responsible for strategic planning appreciate that they are not gamblers using investors’ money, but rather stewards of the company’s – and investors’ – financial futures.





Join us at the SAP Conference for Financial Planning, Consolidation and Controls in Las Vegas 10-11 November, where I’ll be delivering a presentation on performance and risk management. I hope to see you there!  

SAP Conference for Financial Planning, Consolidation and Controls_Twitter

About the Author: Gary Cokins, CPIM


Gary Cokins (Cornell University BS IE/OR, 1971; Northwestern University Kellogg MBA 1974) is an internationally recognized expert, speaker, and author in enterprise and corporate performance management (EPM/CPM) systems. He is the founder of Analytics-Based Performance Management LLC . He began his career in industry with a Fortune 100 company in CFO and operations roles. Then 15 years in consulting with Deloitte, KPMG, and EDS (now part of HP). From 1997 until 2013 Gary was a Principal Consultant with SAS, a business analytics software vendor. His most recent books are Performance Management: Integrating Strategy Execution, Methods, Risk, and Analytics and Predictive Business Analytics.

Linkedin contact:

Strike Just the Right Balance in Enterprise Risk Management

by Chris Grundy, Director Product Marketing, SAP

What do CEOs need most right now? According to a recent survey mentioned on a Game-Changers radiocast with panelists Elvia Novak, director of cyber risk services at Deloitte; and Bruce McCuaig, director of solution marketing for governance, risk, and compliance solutions at SAP, CEOs require more – and more reliable – information on enterprise risk management. And they expect this information to come from the office of the CFO.


Novak addresses the gap between what the CFO is delivering and what the CEO needs. The focus is currently on financials and regulations, with risk residing in the background. “But have we taken a step back [to] say what really matters to us from a risk perspective? What’s critical to my business? And how am I protecting that?” The panelists go on to detail three major concerns in the current risk landscape.

1. Dealing with reason in an evolved threat landscape

The face of risk has mutated in the last decade. Network systems today run online in real time. Even more significant, hackers are determined to penetrate these networks and access your information. For example, a consumer products company might be concerned with people gaining access to its materials or formulas. An entertainment company needs to protect information on how much it pays its actors.

Of course, you must protect your data. But Novak cautions against overprotection – creating so many checkpoints that coworkers within the company can’t see what their colleagues are doing. You never want caution to turn into paranoia and completely disrupt your business.

2. Appointing risk arbiters and developing a consistent framework

McCuaig outlines what he believes to be the biggest challenge to improving risk management: “I don’t think we have any consistency in methodology – we don’t have any consistency in tools. I think, generally, people in the business are conscientious and responsible and they want to do the right thing. But it seems to be very difficult to put consistent framework around the business of managing risks in a way that is comprehensible.”

Both he and Novak agree that the CFO cannot be the sole voice and decision maker in risk management policies. A committee of leadership is necessary to create the best possible policies.

“You look at risk management and it’s all over the map,” McCuaig observes. “There isn’t any one set of standards. There isn’t any one set of capabilities. There is no consistent reporting framework. What I think we need is [to] introduce the kind of discipline and framework and rational approach that CFOs have developed over the years in financial management, and apply that to the risk management business.”

3. Relying on the human firewall

All the regulations and preparations in the world won’t mitigate risk if your staff isn’t fully on board. This means providing them with proper training. It’s a strategy McCuaig calls the people factor: “We have to make sure that people understand how to do their job and are motivated to do so.”

When workers view themselves as the first line of defense against major intrusions, you’re ahead of the curve. A mix of trained, passionate employees, common sense policies, and cutting-edge technology can go a long way in delivering the kind of risk management your CEO expects.

Want to learn more about strengthening risk management for your business? Listen to the full radiocast.

Manage Risk with Three Lines of Defense

by Chris Grundy, Director Product Marketing, SAP

Can you assure that your company proactively and effectively manages risk while meeting an ever-growing number of technological challenges? During a recent SAP Game-Changers radiocast, panelists Ganesh Ram, lead of PricewaterhouseCooper’s governance, risk, and compliance team; Kevin D. Heckel, director of the cyber risk services area at Deloitte & Touche LLP; and Jérôme Pugnet, senior director of product marketing for GRC solutions from SAP, discuss how technology can enhance the “three lines of defense” model.

Protect your business from becoming obsolete

Ram challenges companies to consider complex third-party relationships that keep your suppliers and consumers interconnected in a massive technology-driven ecosystem. He states that the three lines model helps ensure that a business can sustain all challenges it faces. So what do the lines look like?

  1. Operational management teams that runs the business from the front lines
  2. Risk management and compliance functions to implement and monitor effective risk management practices and robust internal controls
  3. An internal audit or oversight function that ensures the management team is performing its job properly

These are supplemented by external auditors, who provide advisory support as experts with fresh eyes and no bias (sometimes qualified as “the fourth line of defense).

According to Ram, most companies place too much importance on the first line and not enough on the second two. “It’s worth reflecting on whether your focus is on what really matters from a risk management perspective – and if investments in risk management and lines of defense give you the return that you plan for,” he posits.

Manage risk for the right reasons

Heckel muses on how risk has evolved from a necessary evil to a major business driver at the board level. However, he cautions, “It’s not a value. It’s a cost to the overall compliant agency. What are you doing and why are you doing it? Are you doing it for the right reasons?”

Pugnet explores these questions, citing social media as a prime reason for expanding a business’s outlook on what risk really means. A company’s reputation can suffer serious damage in just minutes if a negative post goes viral.

The challenge, according to Heckel, is to be resilient and respond quickly and appropriately to such situations. You want to do whatever it takes to keep customers or avoid ending up in the headlines for the wrong reasons.

Achieving balance

Ram thinks it’s important to treat governance, risk, and compliance as a balancing act, and to use the three lines model as a strategic advantage instead of a crutch or a reason to avoid any risk at all.

Such balance is most critical when expanding your business, according to Pugnet. If you acquire a new company, you need to cover the requirements across the three lines of defense. This necessitates bringing this company into the overall compliance system – a challenging endeavor. You might find that existing systems are not scaling very well, which creates additional work without available resources. That’s when it’s important to turn to those second and third lines of defense – which can include technology that streamlines processes and catches oversights before they become massive issues.

Finally, the panelists agree that risk and control are often approached as separate silos with a significant amount of overlap. By working collaboratively across those lines of defense to reduce redundancy, you can cut your overall compliance cost. To learn more about the three lines of defense, listen to the full radiocast.

The Top 3 Trends in Business Planning

by Gary Cokins 

In my prior blog, I described the three categories that are foundational for effective business planning: destination/purpose, information access, and integration. What are the trends with these three categories?


Business plans are derived from a vision and mission

The primary responsibility of the C-suite executives is to establish strategic direction by answering the question, “Where do we want to go?” Their answer will depend on the vision and mission of the organization. An organization’s mission statement does not always need to be the oftentimes hollow words displayed on the wall of the company’s entry lobby (e.g., “We will be the best …. “). It can be simpler. For example in the 1980s when Bill Gates said “A computer on every desk” Microsoft employees understood his vision and their mission.

The trend in this first category involves answering a second follow-up question, “How will we get there … to where the executive want to go?” The digital vehicle to achieve and execute the C-suite’s strategy is the integration of the various components of the integrated business planning (IBP) framework. These include strategy maps; product, channel, and customer profitability reporting and analysis; driver-based rolling financial forecasts; enterprise risk management (ERM); and lean and quality management techniques for process improvement. Each component should have analytics imbedded in them.

Access to information

Many organizations are drowning in raw transactional data but starving for information. The trend in this category involves converting data into information. This is typically accomplished via modeling.

For example, a one page strategy map is a model of the executive team’s strategy. The process of costing to calculate individual customer profit and loss (P&L) statements is accomplished by modeling how resource expenses (e.g., salaries, supplies) are causally and proportionately consumed as calculated costs of outputs.

Associated with this trend is the emergence of business analytics. What analysts want are two capabilities: (1) easy and flexible access to data; and (2) the ability to manipulate it. The IBP framework enables this via the trend I describe below.

The integration of the IBP framework’s component methods

The more seamless the integration of the IBP framework’s components, the better will be an organization’s performance. The trends in this category involve cloud-based planning, real-time information flows, and analytics.

  • Cloud-based computing – the attractiveness of remote computing power and storage over on-premises computing, maintenance benefits and the ability to easily extend use to enterprise users is commonly accepted today.
  • Information flows – transactional data and its conversion into information today can flow bi-directionally between business operation systems (production, logistics, and customer demand) and financial systems (profit reporting, budgeting, rolling financial forecasts). And the flows can be in real-time (or near real-time) refreshed at short term time intervals.
  • Analytics – The more savvy companies now embrace analytics as a competitive advantage. The goal of analytics should be to gain insights and foresight and solve problems, to make better and quicker decisions with more accurate and fact-based data, and to take actions.

Future trends in business planning?

In a future blog I will answer this question of future trends in business planning. But for now consider that if you can imagine a digital capability, then it will eventually (and soon) be realized.

Join me at the SAP Conference for Financial Planning, Consolidation and Controls in Las Vegas 10-11 November, where I’ll be delivering a presentation on performance and risk management. I hope to see you there!  

SAP Conference for Financial Planning, Consolidation and Controls_Twitter



About the Author: Gary Cokins, CPIM


Gary Cokins (Cornell University BS IE/OR, 1971; Northwestern University Kellogg MBA 1974) is an internationally recognized expert, speaker, and author in enterprise and corporate performance management (EPM/CPM) systems. He is the founder of Analytics-Based Performance Management LLC .  He began his career in industry with a Fortune 100 company in CFO and operations roles. Then 15 years in consulting with Deloitte, KPMG, and EDS (now part of HP). From 1997 until 2013 Gary was a Principal Consultant with SAS, a business analytics software vendor. His most recent books are Performance Management: Integrating Strategy Execution, Methods, Risk, and Analytics and Predictive Business Analytics.

Linkedin contact:

Modernizing the GRC Environment

by Bruce McCuaig

In the modern business environment, companies are often required to do more with less, while also navigating constantly shifting regulatory and technology frameworks. Given that reality, the need for a comprehensive solution for governance, risk management and compliance has never been greater. Such a solution can improve business performance, protect your company’s reputation and financial well being, while reducing GRC complexity. If you’ve hesitated to implement a next-generation solution for your GRC procedures and infrastructure, you’re missing out on a variety of opportunities for boosting GRC optimization, oversight and accuracy.

The Unification of GRC

Next-generation solutions like SAP’s GRC aim to holistically integrate every facet of effective GRC. This task often involves coordinating hundreds of departments and employees, and requires a robust, dependable software framework to support the effort. However, the dividends are wide-ranging and dramatic, with the potential for performance boosts in every entity tied to GRC.

With a focus on operating from unified central databases, SAP’s GRC solutions let your entire organization collaborate with unparalleled accuracy, seamlessly integrating efforts for everything from access governance to audit management and fraud detection. By jettisoning obsolete, fragmented workflow silos that can make it impossible to form a unified GRC picture, SAP’s solutions let your organization work from the same page while contributing to the overall GRC effort.

SAP Embodies Its GRC Solutions

SAP uses its own GRC solutions to manage its operations around the world. Miriam Kraus, senior VP of GRC at SAP, said, “We wanted to achieve the benefits of integration and automation throughout our worldwide GRC landscape, as well as accurate risk data produced in real time at a lower cost.”

At face value, the task was monumental for an organization as large as SAP, involving support for more than 68,000 users across 580 separate organizations in 100 countries over two years. But working with a team of in-house consultants, SAP was able to complete the implementation on time and under budget, garnering it a prestigious GRC 20/20 Value Award.

Because of the new SAP GRC solutions framework, SAP saw significant improvements in GRC metrics, including the following:

  • A 100 percent accuracy rate for control testing and remediation
  • Control testing that is 90 percent faster than before
  • A 20 percent gain in data maintenance efficiency
  • A 30 percent increase in report generation efficiency
  • Three FTEs now able to be redeployed to higher value activities

SAP GRC solutions enable your business to simplify its approach to GRC and make better business decisions by visualizing and predicting how risk may impact performance. To find out how SAP can help you unify and modernize your organization’s GRC, visit SAP GRC Solutions.