FCM Spotlight

A repost of an SAP article written by Dr Neil Patrick – SAP Solution Management for Risk, Compliance and Tax

Game Changer for our Customers

This is a momentous event in SAP GRC! We are adding a new public cloud risk management capability to our already exciting public cloud internal control solution SAP Financial Compliance Management (FCM). Take a look at my GRC Tuesday blog on the solution if you want additional information about FCM.

We will offer public cloud risk and control management in the same solution, running on SAP Business Technology Platform, and with integration into SAP S/4HANA cloud – both public and private versions. It can also integrate to SAP ERP 6.0 (ECC) as part of an implementation project. Note this risk module is different to our existing private cloud solution SAP Risk Management.

Why this matters, and why now

We are in at a point time where businesses really do have to deal with a VUCA (volatility, uncertainty, complexity, and ambiguity) environment – in terms of data, processes, employees, financials and financing, nth parties, technology, regulations, internal and external risk. By way of example, ESG pretty much covers all of these aspects in one go.

At the SAP Insider GRC conference last week in Copenhagen, we saw an interesting figure from their The CIO’s Transformation Report Card 2023. The most common trend, with 53% of 2023 respondents (up from 36% in 2022) picking it was: Automation, standardization, or redesign of our business processes.

I believe this is a reflection of trends such as:

  • 90% of compliance leaders expect evolving business, regulatory, and customer demands to increase compliance-related operating costs by up to 30%
  • 50% of organizations aim to automate controls monitoring and management capabilities to address core drivers of GRC strategy in 2023 (SAP Insider, 2023)
  • 3 out of 4 of companies are planning to increase spend across data analytics (75%), process automation (74%), and technology (72%) to support the detection and monitoring of risks

The way to deal with a VUCA business landscape is to centralize and consolidate risk and control management, automate where possible, adopt best practices and standard operating procedures, replace technical debt options with strategically aligned integrated solutions from a single supplier, and select solutions with low TCO but with ease of use. Which is where this new offering from SAP fits, perfectly.

Risk and Controls in the same solution

It’s incumbent and honest of me to say this is the first release of our public cloud risk module into FCM. However, there is a strong roadmap of product development behind it, as well as FCM itself. Which will also include a name change.

With this solution we will:

  • Provide one platform for many uses cases and risk domains across the enterprise
  • Transform governance, risk, and compliance (GRC) from a cost factor (backward looking) to a strategic differentiator (business performance improvement, forward looking)
  • Enhance process assurance for S/4HANA Cloud, Public & Private Cloud Edition, on premise, as well as hybrid scenarios.
  • Align with SAP core strategy of running on SAP Business Technology Platform, and SAP Analytics Cloud.

It’s worth noting too that we have an integration between FCM and SAP Signavio Process Manager, which means the business first line solution (Signavio) and assurance second line solution (FCM) automatically synchronize process and control information. I have discussed this in my blog about this integration. And this leading edge integration has been nominated for an innovation award by #RISK Awards Team. Of course we are looking at including risk in the integration


The benefits of this new offering are simple but can be subtle, which in fact means they are sometimes complex to articulate with due importance. And there can be many which leads to a ‘listener fatigue’. But for the business and business users, they are real.

Examples include:

  • Low total cost of ownership
  • Simple infrastructure
  • Short time to operationalize
  • Smoother digitalization, finance/digital transformation
  • Ease of use, intuitive user interface
  • Standardised best practice approach
  • Access to expanding consumable content
  • Leverage SAP Business Technology Platform capabilities
  • In line with SAP strategy, customer strategy
  • Benefits from LLP and ML capabilities, future potential access to anonymized data

In Summary

Effective risk and control management is a fundamental requirement for the modern business – for performance, not only risk and compliance.

Public cloud GRC software has real business benefits.

SAP is here to support customers looking for a public cloud risk and control solution with deep integration to S/4HANA.

And this journey is just going to get stronger.