The Role of a Risk Committee

by Thomas Frenehard, GRC Solution Management

Young plant growing in sunshine(Shallow Dof)

Remember the dinosaurs from your history books? Extinct, right?

Well this is the way some companies are going because they focus all their efforts on looking backwards. And to me, this is precisely where Audit and Risk Committees  have a crucial role to play; not to focus on the same issues but have a different mind-set.

By nature, the Audit Committee will focus on the findings from the audit report, looking backwards at what’s already happened. I personally think that the Risk Committee should focus on forward-looking uncertainties… and how to best leverage potential opportunities.

This Risk Committee can then have a true advisory role to the Board. It should, of course, be able to discuss the most important threats that would prevent an organization from achieving its objectives and it should also be able to recommend a course of action to flip downsides into opportunities.

Most likely the Board is not the right instance to discuss and review the multiple risk scenarios, test new assumptions, and so on. But if it relies on a knowledgeable Risk Committee, it will be able to make the right decision for the business and increase value for the shareholders.

So, how can this work?

Last week I was lucky to attend a workshop on this specific topic, Risk Committees, that sparked many discussions and exchange of opinions amongst participants. Here are my summarized thoughts from the event.

  • A clearly defined mandate is needed

A Risk Committee can only be successful if it is given a clear mandate by the Board. Its roadmap and mission statement, if you wish. Here, I would suggest that the Board define expectations for the Risk Committee that would be relevant to supporting true business decision making.

In association with the mandate, and for the Risk Committee to be realistic in its assumptions, I would expect the Board to share its risk appetite and how it reached this conclusion, as this will guide most of the scenario work.

  •  On-board knowledge

To have an active Risk Committee, I think it has to embed a risk culture. This might happen because the committee is at least partially composed of risk experts or because it’s engrained in the DNA of its members.

I would also suggest involving industry experts in the Risk Committee as this is the only way to have realistic – and probable scenarios.

  • Sufficient tools and information

The role of this committee will be to review risks and to simulate potential negative and positive outcomes. If its participants are not given sufficient risk information, how can they do that?

In addition to providing risk information, I would also recommend authorizing this committee to interview Risk Owners when necessary, as they are the business experts that can shed light on business contexts.

  • Report to the Board and then, take action on their recommendations

To my mind, if such a process is defined, then the Board needs to set some time aside to debate on the recommendations from the Risk Committee. And here, it can’t be a passive presentation from the committee to the Board, it has to be a two-way street with some questioning. The Board needs to challenge the assumptions and needs to provide feedback on whether expectations have been met or the Risk Committee won’t be able to adjust its next reporting.

Also, the Board needs to take action on the recommendations. And keep in mind that deciding to wait until more information is gathered or that events start to unfold is already a decision, provided it is documented and agreed on.

How does this sound to you? Would you agree that immobility is a great threat to many of our organizations?

Three Lines of Defense: Claiming a Seat in the Digital Boardroom

by Bruce McCuaig, Director, GRC Product Marketing

SAP recently announced SAP Cloud for Analytics, a planned software as a service (SaaS) offering that aims to bring all analytics capabilities into one solution for an unparalleled user experience (UX). The intent is for organizations to use this one solution to enable employees to track performance, analyze trends, predict, and collaborate to make informed decisions and improve business outcomes.

To me this sounds a lot like the mandate of governance, risk and compliance.

The Digital Boardroom

At SAP we’ve already begun to imagine a digital boardroom. As part of our Analytics business, my colleagues and I in governance risk and compliance (GRC) are keenly aware of the contribution our solutions can make to improving business decisions and business outcomes. But is the world of GRC ready for the digital boardroom?

And if the Three Lines of Defense is the framework we are advocating, what can we digitize for the digital boardroom? There is plenty of literature on implementing the Three Lines of Defense. I am basing much of this blog on the IIA’s guidance. However, this does not provide guidance on what to report or how to report it.

Five Requirements for Claiming a Seat at the Digital Board Room

  1. Reporting by the first line of defense – operating management

Operational management is responsible for maintaining effective internal controls and for executing risk and control procedures on a day-to-day basis. How can this be reported? One of my colleagues mocked up the report below. It illustrates a possible report on the management of controls in a particular area. It’s a useful beginning. But if the digital boardroom is supposed to drive better outcomes, we need to find a way to illustrate the impact of controls on performance.

Figure 1


  1. Reporting by the second line of defense – risk management and compliance

Management establishes various risk management and compliance functions to help build and/or monitor controls for the first line of defense. What would it take to understand the effectiveness of first line of defense controls? A few years ago, I mocked up a simple app that aggregated losses and incidents by risk category. The best way to understand control effectiveness is to understand the losses and incidents that occurred. If the second line of defense classifies the root cause of the issues and losses, the Board can make intelligent decisions and come to sound conclusions. Right now the Board gets subjective opinions on control effectiveness from assurance providers. Control effectiveness opinions are not comforting to me. They make sense only when objective information is not available. I would prefer the facts and I believe the Digital Board wants its facts digitized.

Figure 2


  1. Reporting by the third line of defense

Internal auditors provide the governing body and senior management with comprehensive assurance based on the highest level of independence and objectivity within the organization. So how do we digitize “assurance”? I have asked myself this question for years. In my view internal audit can add value by “painting a picture” of the world of governance, risk and compliance. One way to do this is by showing how the organization conforms to a set of criteria.

There are many criteria. The Committee of Sponsoring Organizations (COSO) provides one. The International Standards Organization (ISO) provides others. OCEG provides yet another, specifically the GRC Capability Model, a detailed set of criteria designed to help organizations achieve principled performance.Figure 3

The Role of Analytics

Reporting to the digital boardroom will require classifying and tagging information and then slicing, dicing, and visualization. That is what analytics tools and BI solutions do. It is close to the opposite of reporting on control and risk effectiveness. It is reporting on control and risk facts. Nothing less will do.

Uncharted Territory

The digital boardroom will take the Three Lines of Defense and GRC generally into uncharted territory. If we as GRC professionals have anything to say, it had better be digital and it had better be useful.

As always, I am interested in your comments. The Three Lines of Defense concept is far from perfect but as I have suggested in my earlier blogs it is a sound basis for collaboration and a fine starting point.

How do you report on GRC topics to your Board today? Do they read your reports? Are they visual? What do you see in the future?


The Integration of Enterprise Risk Management (ERM) and Enterprise Performance Management (EPM)

by Gary Cokins

Businessman analyzing pie chart on digital tablet

Governance and compliance awareness from government legislation such as Sarbanes-Oxley in the US and Basel II is clearly on the minds of all executives. Accountability and responsibility can no longer be evaded. If executives err on weak compliance, they can go to jail. As a result internal audit controls have been enhanced. The popular acronym that addresses this is GRC for governance, risk, and compliance. From the perspective of enterprise performance management, one can consider governance (G) as the stewardship of executives to behave in a responsible way, such as providing a safe work environment or formulating an effective strategy; and consider compliance (C) as operating under laws and regulations. Risk management (R), the third element of GRC and often referred to as enterprise risk management (ERM), is the element more associated with enterprise performance management (EPM).

Some organizations are beginning to integrate ERM and EPM. In a little under two weeks’ time I will be presenting this topic as a keynote speaker on November 10 in Las Vegas at the SAP Conference for Financial Planning, Consolidation and Controls. I shared some of my thoughts about technology and reasons for speaking at this conference in an interview recently, but as I shall be covering a broad topic area in my conference presentation concerning the integration of ERM and EPM, I decided to write a little more about this now, before heading to Las Vegas, as a scene-setter in many ways for what I’ll speak about there.

You may think that this theme is a little out of step with the themes running through my recent blog series, as this blog is the final one of 8 blogs in the 2015 Summer/Fall series of my SAP blogs. I hope you’ll see however that there is merit for bringing this topic to the forefront of thought again, as to my mind there’s a very clear link between innovations in planning and analytics in the Cloud and how these might be integrated with an approach to risk management. A limitation to this integration to date has not necessarily been owing to a lack of interest, understanding or willingness to do this, but rather that the actual methods have been cumbersome and sometimes complex, especially when viewed from a technology standpoint. But that’s changing. Technology is becoming easier, simpler to use and the once distinct disparity between functional capabilities in Analytics, EPM and ERM are starting to blur and fade away, to be replaced by clear lines of vision, collaboration and unison. So if we can remove the “how” as a barrier to integration, let’s consider the “why”, because this is how we’ll stimulate businesses to invest serious time and energy in taking risk informed planning decisions as a part of their normal business processes. For this let’s go back to basics.

The integration of ERM and EPM

EPM is now more correctly being defined as a much broader umbrella concept of integrated methodologies – much broader than its previously misperceived narrow definition as simply being dashboards and better financial reporting. What could possibly be an even broader definition? My belief is the EPM methods are only a part – but a crucial, integral part – of how an organization realizes its strategy to maximize its value to stakeholders, both in commercial and public sector organizations. This means that enterprise EPM must be encompassed by a broader overarching concept – enterprise risk-based performance management – that integrates EPM methods with enterprise risk management (ERM).

The “R” in GRC has similar characteristics with EPM methods. The foundation for both ERM and EPM share two beliefs:

  1. The less uncertainty there is about the future, the better.
  2. If you cannot measure it, you cannot manage it.

The premise here is to link risk performance to business performance. Whether EPM is defined narrowly or ideally more broadly, for most organizations it does not embrace risk governance. It should. Risk and uncertainty are too critical and influential to omit. For example, reputational risk caused by fraud (e.g., Tyco International), a terrifying product-related incident (e.g., Tylenol), or some other news headline grabbing event can substantially damage a company’s market value.

Is risk an opportunity or hazard?

ERM is not about minimizing an organization’s risk exposure. Quite the contrary, it is about exploiting risk for maximum competitive advantage. A risky business strategy and plan always carries high prices. For example, what investment analysts do not know about a company or they have uncertainty or concerns will result in adding a premium to capital costs and discounting of a company’s stock value. Uncertainty can include accuracy, completeness, compliance, and timeliness in addition to just being a prediction or estimate that can be applied to a target, baseline, historical actual (or average), or benchmark.

Effective risk management practices counter these examples by being comprehensive in recognizing and evaluating all potential risks. ERM’s goal is less volatility, greater predictability, fewer surprises, and arguably most important the ability to bounce back quickly after a risk event occurs.

A simple view of risk is that more things can happen than will happen. If we can devise probabilities of possible outcomes, then we can consider how we will deal with surprises – outcomes that are different from what we expect. We can evaluate the consequences of being wrong in our expectations. In short, ERM is about dealing in advance with the consequences of being wrong. Risk can be viewed as having an opportunity that can be beneficial in the future in addition to risks viewed as hazards. For example, a rain shower may be a disaster for artists at an outdoor art fair while being a huge break for an umbrella salesperson. What risk and opportunity both have in common is they are concerned with future events that may or may not happen, their events can be identified but the magnitude of their effect uncertain, and the outcome of the event can be influenced with actions.

Problems quantifying risk and its consequences

Risk is usually associated with new risk mitigation expenses because they may turn into problems. In contrast, opportunity can be associated with new economic value creation, such as increased revenues, because they may turn into benefits.

Most organizations cannot quantify their risk exposure and have no common basis to evaluate their risk appetite relative to their risk exposure. Risk appetite is the amount of risk an organization is willing to absorb to generate the returns it expects to gain. The objective is not to eliminate all risk, but rather to match risk exposure to risk appetite.

ERM is not simply contingency planning. That is too vague. It begins with a systematic way of recognizing sources of uncertainty. It then applies quantitative methods to measure and assess three factors:

  1. The probability of an event occurring
  2. The severity impact of the event
  3. Management’s capability and effectiveness to respond to the event

Based on these factors for various risks, ERM identifies the triggers and drivers of risk (measured as key risk indicators or KRIs), and then it evaluates alternative actions and associated expenses to potentially mitigate or take advantage of each identified risk. These actions should ideally be included during the strategy formulation and re-planning process and reflected in financial projection scenarios – commonly called “what if” analysis.

The three types of risk

There are three categories of risk. EPM is involved the second category as described next.

Preventable Risks – These are unauthorized employee actions or breakdowns in standard operating procedures. This category of risk can be reduced by:

  • Communication of “Codes of Conduct” and mission and vision statements
  • Strong compliance practices (e.g., internal controls like “segregation of duties,” internal audit, standard operating procedures, whistle blowing promotion)

Strategy Execution Risks – In this category risks are taken to execute the CXO executive team’s strategy to generate superior returns. Examples are: credit risk, R&D programs, and hazardous environments. These types of risk cannot be reduced to zero. Their likelihood of occurring can be reduced or effectively contained should they occur.

External Risks – This category of risk is caused from uncertain, uncontrollable external events that cannot easily be predicted or influenced. Managers often “don’t know that they don’t know.” Scenario exercises can identify risks. However, if these types of risks can be envisioned, then risk mitigation actions can be taken. Examples are: building earthquake or flood-proof structures; backup data centers in distant locations; and insurance, hedging, and diversification.

Risk managers – friend or foe to profit growth?

Unfortunately this topic has a dark edge. A report of The Economist Intelligence Unit sponsored by ACE, a global insurance company, and KPMG is titled, “Fall guys: Risk management in the front line.”[1] In the report, a risk manager claims he was fired for telling his company’s board of directors that too much risk was being taken. Did management want to ignore a red flag of caution to pursue higher profits? The broader question involves how strategy planners view risk managers. Are they profit optimizers or detractors?

The Economist report was a result of extensive surveys and interviews. The impact of the 2009 global financial sector meltdown was clearly top of mind for the respondents. The report highlighted that risk management and governance policies and structures require increased authority, visibility and independence. However, planned increases in investment and spending for them are typically modest, if any. This is not a good sign. The reality is that the natural tension and conflict between the risk functions and a business’ aspirations for higher profit growth remains present.

Invulnerable today but aimless tomorrow

Will increasing interest in including to integrate ERM with EPM methods continue or be a temporary phase? Hopefully, the interest will be permanent, but there are impediments. Business line managers may continue to view the risk function as a mechanical brake slowing the gas pedal of sales and profit growth. Also, technical knowledge and experience by boards of directors and executives may be inadequate to fully understand how to integrate ERM with EPM.

On a positive note, risk management is gaining influence and using more structured modeling and analytics software. Managers are creating a richer organizational culture for metrics and risk awareness that considers opportunities, not just threats.

I continue to be intrigued by the fact that almost half of the roughly 25 companies that passed the rigorous tests listed in the once-famous book written in 1982 by Tom Peters and Robert Waterman, In Search of Excellence, today either no longer exist, are in bankruptcy, or have performed poorly. What happened in the 32 years since the book was published? My theory is that once an organization becomes quite successful, it becomes averse to risk taking. Taking risks, albeit calculated risks, is essential for organizations to change and be innovative.

Is the today’s risk manager going to continue to be the fall guy? Not if those responsible for strategic planning appreciate that they are not gamblers using investors’ money, but rather stewards of the company’s – and investors’ – financial futures.





Join us at the SAP Conference for Financial Planning, Consolidation and Controls in Las Vegas 10-11 November, where I’ll be delivering a presentation on performance and risk management. I hope to see you there!  

SAP Conference for Financial Planning, Consolidation and Controls_Twitter

About the Author: Gary Cokins, CPIM


Gary Cokins (Cornell University BS IE/OR, 1971; Northwestern University Kellogg MBA 1974) is an internationally recognized expert, speaker, and author in enterprise and corporate performance management (EPM/CPM) systems. He is the founder of Analytics-Based Performance Management LLC . He began his career in industry with a Fortune 100 company in CFO and operations roles. Then 15 years in consulting with Deloitte, KPMG, and EDS (now part of HP). From 1997 until 2013 Gary was a Principal Consultant with SAS, a business analytics software vendor. His most recent books are Performance Management: Integrating Strategy Execution, Methods, Risk, and Analytics and Predictive Business Analytics.

Linkedin contact:

Strike Just the Right Balance in Enterprise Risk Management

by Chris Grundy, Director Product Marketing, SAP

What do CEOs need most right now? According to a recent survey mentioned on a Game-Changers radiocast with panelists Elvia Novak, director of cyber risk services at Deloitte; and Bruce McCuaig, director of solution marketing for governance, risk, and compliance solutions at SAP, CEOs require more – and more reliable – information on enterprise risk management. And they expect this information to come from the office of the CFO.


Novak addresses the gap between what the CFO is delivering and what the CEO needs. The focus is currently on financials and regulations, with risk residing in the background. “But have we taken a step back [to] say what really matters to us from a risk perspective? What’s critical to my business? And how am I protecting that?” The panelists go on to detail three major concerns in the current risk landscape.

1. Dealing with reason in an evolved threat landscape

The face of risk has mutated in the last decade. Network systems today run online in real time. Even more significant, hackers are determined to penetrate these networks and access your information. For example, a consumer products company might be concerned with people gaining access to its materials or formulas. An entertainment company needs to protect information on how much it pays its actors.

Of course, you must protect your data. But Novak cautions against overprotection – creating so many checkpoints that coworkers within the company can’t see what their colleagues are doing. You never want caution to turn into paranoia and completely disrupt your business.

2. Appointing risk arbiters and developing a consistent framework

McCuaig outlines what he believes to be the biggest challenge to improving risk management: “I don’t think we have any consistency in methodology – we don’t have any consistency in tools. I think, generally, people in the business are conscientious and responsible and they want to do the right thing. But it seems to be very difficult to put consistent framework around the business of managing risks in a way that is comprehensible.”

Both he and Novak agree that the CFO cannot be the sole voice and decision maker in risk management policies. A committee of leadership is necessary to create the best possible policies.

“You look at risk management and it’s all over the map,” McCuaig observes. “There isn’t any one set of standards. There isn’t any one set of capabilities. There is no consistent reporting framework. What I think we need is [to] introduce the kind of discipline and framework and rational approach that CFOs have developed over the years in financial management, and apply that to the risk management business.”

3. Relying on the human firewall

All the regulations and preparations in the world won’t mitigate risk if your staff isn’t fully on board. This means providing them with proper training. It’s a strategy McCuaig calls the people factor: “We have to make sure that people understand how to do their job and are motivated to do so.”

When workers view themselves as the first line of defense against major intrusions, you’re ahead of the curve. A mix of trained, passionate employees, common sense policies, and cutting-edge technology can go a long way in delivering the kind of risk management your CEO expects.

Want to learn more about strengthening risk management for your business? Listen to the full radiocast.

Manage Risk with Three Lines of Defense

by Chris Grundy, Director Product Marketing, SAP

Can you assure that your company proactively and effectively manages risk while meeting an ever-growing number of technological challenges? During a recent SAP Game-Changers radiocast, panelists Ganesh Ram, lead of PricewaterhouseCooper’s governance, risk, and compliance team; Kevin D. Heckel, director of the cyber risk services area at Deloitte & Touche LLP; and Jérôme Pugnet, senior director of product marketing for GRC solutions from SAP, discuss how technology can enhance the “three lines of defense” model.

Protect your business from becoming obsolete

Ram challenges companies to consider complex third-party relationships that keep your suppliers and consumers interconnected in a massive technology-driven ecosystem. He states that the three lines model helps ensure that a business can sustain all challenges it faces. So what do the lines look like?

  1. Operational management teams that runs the business from the front lines
  2. Risk management and compliance functions to implement and monitor effective risk management practices and robust internal controls
  3. An internal audit or oversight function that ensures the management team is performing its job properly

These are supplemented by external auditors, who provide advisory support as experts with fresh eyes and no bias (sometimes qualified as “the fourth line of defense).

According to Ram, most companies place too much importance on the first line and not enough on the second two. “It’s worth reflecting on whether your focus is on what really matters from a risk management perspective – and if investments in risk management and lines of defense give you the return that you plan for,” he posits.

Manage risk for the right reasons

Heckel muses on how risk has evolved from a necessary evil to a major business driver at the board level. However, he cautions, “It’s not a value. It’s a cost to the overall compliant agency. What are you doing and why are you doing it? Are you doing it for the right reasons?”

Pugnet explores these questions, citing social media as a prime reason for expanding a business’s outlook on what risk really means. A company’s reputation can suffer serious damage in just minutes if a negative post goes viral.

The challenge, according to Heckel, is to be resilient and respond quickly and appropriately to such situations. You want to do whatever it takes to keep customers or avoid ending up in the headlines for the wrong reasons.

Achieving balance

Ram thinks it’s important to treat governance, risk, and compliance as a balancing act, and to use the three lines model as a strategic advantage instead of a crutch or a reason to avoid any risk at all.

Such balance is most critical when expanding your business, according to Pugnet. If you acquire a new company, you need to cover the requirements across the three lines of defense. This necessitates bringing this company into the overall compliance system – a challenging endeavor. You might find that existing systems are not scaling very well, which creates additional work without available resources. That’s when it’s important to turn to those second and third lines of defense – which can include technology that streamlines processes and catches oversights before they become massive issues.

Finally, the panelists agree that risk and control are often approached as separate silos with a significant amount of overlap. By working collaboratively across those lines of defense to reduce redundancy, you can cut your overall compliance cost. To learn more about the three lines of defense, listen to the full radiocast.

The Top 3 Trends in Business Planning

by Gary Cokins 

In my prior blog, I described the three categories that are foundational for effective business planning: destination/purpose, information access, and integration. What are the trends with these three categories?


Business plans are derived from a vision and mission

The primary responsibility of the C-suite executives is to establish strategic direction by answering the question, “Where do we want to go?” Their answer will depend on the vision and mission of the organization. An organization’s mission statement does not always need to be the oftentimes hollow words displayed on the wall of the company’s entry lobby (e.g., “We will be the best …. “). It can be simpler. For example in the 1980s when Bill Gates said “A computer on every desk” Microsoft employees understood his vision and their mission.

The trend in this first category involves answering a second follow-up question, “How will we get there … to where the executive want to go?” The digital vehicle to achieve and execute the C-suite’s strategy is the integration of the various components of the integrated business planning (IBP) framework. These include strategy maps; product, channel, and customer profitability reporting and analysis; driver-based rolling financial forecasts; enterprise risk management (ERM); and lean and quality management techniques for process improvement. Each component should have analytics imbedded in them.

Access to information

Many organizations are drowning in raw transactional data but starving for information. The trend in this category involves converting data into information. This is typically accomplished via modeling.

For example, a one page strategy map is a model of the executive team’s strategy. The process of costing to calculate individual customer profit and loss (P&L) statements is accomplished by modeling how resource expenses (e.g., salaries, supplies) are causally and proportionately consumed as calculated costs of outputs.

Associated with this trend is the emergence of business analytics. What analysts want are two capabilities: (1) easy and flexible access to data; and (2) the ability to manipulate it. The IBP framework enables this via the trend I describe below.

The integration of the IBP framework’s component methods

The more seamless the integration of the IBP framework’s components, the better will be an organization’s performance. The trends in this category involve cloud-based planning, real-time information flows, and analytics.

  • Cloud-based computing – the attractiveness of remote computing power and storage over on-premises computing, maintenance benefits and the ability to easily extend use to enterprise users is commonly accepted today.
  • Information flows – transactional data and its conversion into information today can flow bi-directionally between business operation systems (production, logistics, and customer demand) and financial systems (profit reporting, budgeting, rolling financial forecasts). And the flows can be in real-time (or near real-time) refreshed at short term time intervals.
  • Analytics – The more savvy companies now embrace analytics as a competitive advantage. The goal of analytics should be to gain insights and foresight and solve problems, to make better and quicker decisions with more accurate and fact-based data, and to take actions.

Future trends in business planning?

In a future blog I will answer this question of future trends in business planning. But for now consider that if you can imagine a digital capability, then it will eventually (and soon) be realized.

Join me at the SAP Conference for Financial Planning, Consolidation and Controls in Las Vegas 10-11 November, where I’ll be delivering a presentation on performance and risk management. I hope to see you there!  

SAP Conference for Financial Planning, Consolidation and Controls_Twitter



About the Author: Gary Cokins, CPIM


Gary Cokins (Cornell University BS IE/OR, 1971; Northwestern University Kellogg MBA 1974) is an internationally recognized expert, speaker, and author in enterprise and corporate performance management (EPM/CPM) systems. He is the founder of Analytics-Based Performance Management LLC .  He began his career in industry with a Fortune 100 company in CFO and operations roles. Then 15 years in consulting with Deloitte, KPMG, and EDS (now part of HP). From 1997 until 2013 Gary was a Principal Consultant with SAS, a business analytics software vendor. His most recent books are Performance Management: Integrating Strategy Execution, Methods, Risk, and Analytics and Predictive Business Analytics.

Linkedin contact:

5 Top Tips for Vegas

By Chris Grundy, Director Product Marketing, SAP

As you know from my earlier blog, for many months now I and my colleagues here at SAP, along with a team from conference organizers TA Cook, have been preparing for our next event, the SAP Conference for Financial Planning, Consolidation and Controls. This is the new name for what was previously known as the SAP Conference for enterprise performance management (EPM), because this year we’ve expanded our content to not just focus on EPM, but also upon GRC (governance, risk and compliance). So, with just seven weeks to go until the event starts on 10 November in Las Vegas, I thought it was about high time I wrote a little something about what attendees might look forward to seeing and hearing this year, especially given the fact that we’re going to be joined by a number of industry analysts and thought leaders, along with many SAP customers ready to tell us about their experiences in implementing and using software solutions.

Illuminated Light Bulbs

So here are my tips for 5 top tips for sessions and speakers to see (and hear) at the conference in Las Vegas this November:

  1. Keynote panel day 1. Not one, not two, but three special guests join for what should be a hugely informative informative panel discussion during the day 1 keynote. Guests include Doug Henschen of Constellation Research, Scott Mitchell of OCEG and Brian Kalish of AFP Online. I’m really looking forward to hearing the opinions of this panel of industry experts and thought leaders on the topic of what’s driving Finance and the role of the CFO.
  2. Ray Wang day 2 keynote. I almost need say no more, as Ray is such a well-known observer, researcher and thought leader in the technology arena, being Principal Analyst & Founder of Constellation Research. Ray’s keynote “The secret to the future of planning” is sure to be topical, insightful and one might even hope he’ll throw in a few surprises to really get us thinking. A great reason to get back to the conference center and grab a good seat for this early session on day 2!
  3. Gary Cokins day 1 presentation. I had the pleasure of meeting Gary last year at the EPM Conference in Chicago, when he presented one of the keynotes, and since that time we’ve worked together on a number of projects, mostly related to blogging. An experienced practitioner, consultant, author speaker and prolific blogger, Gary has a vast experience in the area of performance management. I’m always impressed with Gary’s ability to express complex issues in interesting and thought-provoking ways, and the session at this year’s conference towards the end of day 1, where he will examine performance and risk should really get the brain-cells working again. And to top it off, straight after Gary’s session we have a networking reception where Gary along with other conference speakers will be happy to chat with conference attendees in a more relaxing atmosphere.
  4. Bjarte Bogsnes of Statoil day 2…and many other customers too! It’s terrific to see Bjarte on the conference agenda this year, ready to tell the Statoil experience around performance and risk. He’s a great conference speaker, very articulate and engaging and sure to give a great presentation. But of course he’s not the only customer speaker at the conference, and I’m also eager to hear presentations from Sysco, ServiceNow, Maxim Integrated, Southern California Edison as well as SAP over the two days of conference.
  5. Workshops. For those of you who like to dive deep into your solution areas, three workshops topics are on offer at the event this year; FP&A, Integrated Planning and GRC. Led by solution and domain experts, these sessions are intended for attendees who want to absorb a more detailed understanding of solution strengths and capabilities – but be ready to get your thinking caps on as you’re likely to be challenged with practical examples to work through at some point!

And of course many SAP-led sessions and excellent networking opportunities throughout the event and into the evening of the first day of the conference.

I am truly looking forward to the event this year, and to the opportunity to meet and speak with the many people attending the conference. Of course I shall be reporting back to you from the event – so if I don’t see you there, you’ll be sure to hear from me afterwards!


SAP Conference for Financial Planning, Consolidation and Controls_Twitter