Eric Krell interviews Sanjay Poonen -- senior vice president and general manager, SAP BusinessObjects performance optimization applications -- on the integration of risk management and performance management.
Full Disclosure: You're a proponent of integrating risk management and performance management ... what is the ultimate purpose of this integration? Sanjay Poonen: We see the management of risk and performance as two sides to the same coin. Effectively managing performance requires that businesses know and mitigate underlying risks. Conversely, companies can't effectively manage risk unless they are able to prioritize the risks that most severely threaten the overall business strategy and performance. Combining risk and performance management provides insight into the impact of specific business decisions so companies can continually maximize their success.
Gartner and other leading analyst firms have recognized and commended us for this vision. As the first company to bring Governance, Risk and Compliance and Enterprise Performance Management solutions together, SAP enables finance and operational managers to make unified decisions, leveraging key performance indicators and key risk indicators in a common framework.
FD: At a high level, how does this integration look like inside a company? SP: Simply put, as people manage performance using KPIs, they simultaneously use KRIs to evaluate the level of risk. They have a risk-adjusted view of their performance.
FD: What does achieving this vision require within a company from a people, process, technology perspective? SP: The first priority is to make sure that the people that manage risk in the organization are closely aligned with those that manage performance, rather than operating as a separate part of the organization. Second, ensure the process for measuring performance incorporates risk into the process, namely that there is a placeholder for risk evaluation. And finally, use a technology that supports the integrated processes.
Our performance management products enable companies to manage strategy and performance across the organization; our risk management product supports holistic risk management. Through integration of these solutions we ensure our customers can gain even greater value from their technology investments to make more strategic business decisions.
FD: Who -- what titles -- are the most important players in this integration? SP: There are a few people involved, the VP of Strategy, the Chief Risk Officer and of course the CFO who often gets involved in both risk and strategy.
FD: On the systems side, do you see GRC technology and BPM technology converging? Are there potential gaps between these two types of systems? SP: Historically, there certainly have been gaps between GRC and BPM systems, largely from a process standpoint. That is because the staff that manages risk is different than the staff that manages performance.
A cohesive performance management and risk management approach will ensure that companies can proactively manage and reduce risks while keeping performance optimized. By integrating our risk management and performance management solutions, we are driving the systems convergence to help our customers be more effective.