SAP BusinessObjects Risk Management 3.0 Risk and Opportunity Analysis

SAP BusinessObjects Risk Management 3.0

Business Blueprint Workshop

Risk and Opportunity Analysis

Version 1.0 Initial Release

SAP 2008 / Page 2

Business Blue Print Risk and Opportunity Analysis

Applies to:

SAP BusinessObjects Risk Management 3.0

Summary

This document is intended to explain the necessary steps required to configure Risk

Management 3.0.

Author(s): Customer Advisory Organization and Regional Implementation Group

Company: Governance, Risk, and Compliance

SAP BusinessObjects Division

Created on: August 2009

SAP 2008 / Page 3

1. Maintain Simulation Percentile

2. Define Three-Point Analysis

3. Maintain Speed of Onset

4. Maintain Probability Levels

5. Maintain Probability Level Matrix

6. Maintain Risk And Opportunity Level Colors

7. Maintain Risk And Opportunity Level Matrix

8. Maintain Analysis Profile

The following IMG activities are covered in

this document

SAP 2008 / Page 4






6. Maintain Risk And Opportunity Level Colors

7. Maintain Risk And Opportunity Level Matrix



this document

SAP 2008 / Page 5

Business Context

Simulation Percentile

What is Simulation Percentile?

The Simulation Percentile represents the amount of confidence required for a Monte Carlo

simulation.

Why is Simulation Percentile Important?

The percentile is used to calculate the amount of exposure for any given simulation.

What are the Benefits of Simulation Percentile?

The simulation percentile allows the user to set a minimum threshold, or confidence interval

for a Monte Carlo simulation. For example, the user may want to calculate his worst case

exposure for a simulation based on a 95% confidence interval. So, if we were to simulate a

risk 1,000 times the worst case scenario would be at the 95th percentile on a bell curve. In

other words it would select the lowest of the highest 50 numbers as the worst case.

SAP 2008 / Page 6

Business Context

Example Simulation Percentile

ABC Corporation utilizes Monte Carlo analysis for all fixed priced services it

provides to its customers.

They have a corporate policy indicating a contingency amount be added to a

proposal based on a 95% confidence interval.

In order to enforce this policy they have configured their RM 3.0 Monte Carlo

simulation to default to Simulation Percentile of 95% (.05%).

SAP 2008 / Page 7

Solution Functionality


Default Certainty or Confidence Interval

Note: this value can be overridden

SAP 2008 / Page 8

Configuration and Data Gathering


Maintain Simulation Percentile

In this Customizing activity, you specify the simulation percentile to be used during

simulation runs to be carried out for a Monte Carlo simulation in the Risk Management

application. Note that the simulation percentile is also called the "confidence interval".

The percentile is used to calculate your worst case scenario for simulation.

Example

Users define the value at risk as the top 5% (or 1%, or 0.1%, based on the configuration

specified in this Customizing activity). This means that:

If the number of runs in the simulation is 10,000 and the value at risk definition is 5%,

the value at risk will be the lowest of the top 500 results of the runs.

If the number of runs in the simulation is 10,000 and the value at risk definition is 1%,

the value at risk will be the lowest of the top 100 results of the runs.

In this configuration table the

.20 represents a Confidence

Interval of 80%

SAP 2008 / Page 9



Consider any internal policies you maintain concerning confidence estimating.

What default level of confidence would you like to use for your Monte Carlo simulations?

default to?

Note: the Simulation Percentile is not mandatory for configuration. Simulation confidence intervals can be

applied when creating each unique simulation

SAP 2008 / Page 10

Configuration Requirements


Percentile

1

2

3

4

5

6

7

8

9

10

SAP 2008 / Page 11






6. Maintain Risk and Opportunity Level Colors

7. Maintain Risk and Opportunity Level Matrix



this document

SAP 2008 / Page 12

Business Context

Three-Point Analysis

What is Three-Point Analysis?

Three point analysis is a technique for estimating risk. Three values are given for the risk value: maximum loss, minimum loss and average loss. Each of the values is given a loss percentage. The percentages are used to calculate the estimate of loss for each of the 3 values and these values are added to give a single estimated loss value.

Why is Three-Point Analysis Important?

In some cases it is straightforward to calculate an estimated loss value for a risk, however, in many cases it is not possible or easy. Three point analysis is an important technique to be utilised when there is a high degree of uncertainty regarding the estimation of loss value, and yet it is still desirable to quantify the risk, rather than revert to qualitative risk analysis.

What are the Benefits of Defining Three-Point Analysis?

When used appropriately, a three point analysis should yield a more accurate estimation of risk. It enables users to take simple logical steps towards an estimation of risk which gives a level of comfort around quantitative risk analysis, which they might not achieve if faced with having to give a single point estimate.

SAP 2008 / Page 13

Business Context

Example Three-Point Analysis (1)

CRG Global Enterprises has a production Facility A. There is a risk that there could

be a major accident in Facility A causing the following Impacts:

Loss of production leading to Loss of Revenue

Costs related to Regulatory Fines and Legal proceedings

Costs related to Replacement and/or Maintenance of Assets.

For this risks there are 3 impacts and each impact has

It will not be easy to estimate the value of regulatory fines and legal costs because it

is uncertain about the exact cause of the incident and how the regulator will view the

case.

Three-Point Analysis will be utilised as follows with respect to estimating the costs of

regulatory fines and legal proceedings:

SAP 2008 / Page 14

Business Context

Example Three-Point Analysis (2)

CRG Global Enterprises believe the loss could be a minimal as $100,000 or a large

as $5,000,000. So they decide to use Three-Point Analysis to determine a loss value

with respect to estimating the costs of regulatory fines and legal proceedings:

Three-Point Analysis will be utilised as follows for this particular impact for the risk.

Minimum Loss - $100,000 (with 25% probability)

Average Loss - $2,000,000 (with 50% probability)

Maximum Loss - $5,000,000 (with 25% probability).

Calculation: (100000 x 0.25) = (2000000 x 0.50) + (5000000 x 0.25) = 2275000

Thus the single loss value calculated from the 3 points is $2,275,000.

SAP 2008 / Page 15



Copy of UI

Login to the SAP BusinessObjects Risk Management application and choose GRC Risk Management > Risk Assessment > Risks and Opportunities

SAP 2008 / Page 16



Copy of UI

Highlight the selected Risk and click Open.

SAP 2008 / Page 17



Copy of UI

The Risk General Tab will open. Click the Analysis Tab.

SAP 2008 / Page 18



Copy of UI

Click the Impact Category Allocation

SAP 2008 / Page 19



Copy of UI

Click the Three Point Analysis check box to open up the Best Case, Average Case

and Worst Case Impact fields.

SAP 2008 / Page 20



Copy of UI

Analysis Method must be set to Quantitative.

Enter the Best Case, Average Case, Worst Case Impacts for the appropriate Impact

Category.

Note the Total Loss (USD) is calculated according to the percentile formula.

SAP 2008 / Page 21



Define Three-Point Analysis

In this Customizing activity you configure the settings for a three-point analysis. The

"three points" to be defined and then analyzed are the minimum loss, the average

loss, and the maximum loss, which you define in percentage format.

The resulting value is the total loss.

In the screen shot above the values are 16% of Minimum Loss, 68% of Average Loss and

16% of Maximum Loss.

SAP 2008 / Page 22



Interview questions.

Are you planning to use Quantitative Risk Analysis as part of your risk management

framework? If, NO, then you do not need to this feature of the product.

Are you planning to use Three-Point Analysis to estimate Total Loss values as part of your

quantitative risk analysis? If, NO, then you do not need this feature of the product.

Are you planning to adopt the industry standard for Three-Point Analysis?

The standard approach is to use the following percentages

Minimum Loss 16%

Average Loss 68%

Maximum Loss 16%.

If, NO, then what percentages do you require for Minimum, Average and Maximum Loss?

SAP 2008 / Page 23



Minimum Loss Average Loss Maximum Loss

% % %

SAP 2008 / Page 24










this document

SAP 2008 / Page 25

Business Context

Speed of Onset

What is Speed of Onset?

. The speed of onset refers to the time horizon in which you expect the risk to occur. This time

horizon can change over time, becoming less as the risk event comes nearer.

Why is Speed of Onset Important?

Speed of Onset is an optional feature.

What are the Benefits of Defining Speed of Onset?

Speed of Onset can help determine which risks are likely to occur soonest and therefore need

more urgent action than others.

SAP 2008 / Page 26


Speed of Onset

Risk and Opportunity->Select Risk/Opportunity in Query->Select Analysis Tab.

Speed of Onset is a drop down pick list based on configuration of the Speed of

Onset table in the IMG.

SAP 2008 / Page 27


Speed of Onset

In this Customizing activity, you define the speed of onset for risks. The speed of

onset refers to the time horizon in which you expect the risk to occur. You specify

values for the periods in which action is required to respond to a risk.

You can enter numerical values, which are then used in determining risk response

times. The following are standard values:

Short = 1-3 years

Medium = 4-5 years

Long = >10 years

Activities

1. Click on New Entries and enter a value for the speed of onset.

2. Enter a description for the entry.

3. Save the entry.

SAP 2008 / Page 28


Speed of Onset

Interview questions

Is timeframe or speed of onset of a concept included in your risk management model.

How is timeframe or speed of onset used in the risk management model

Is speed of onset used to determine probability levels or probability values?

SAP 2008 / Page 29


Speed of Onset

Speed of Onset Description

01

02

03

04

05

06

SAP 2008 / Page 30










this document

SAP 2008 / Page 31

Business Context

Probability Levels

What are Probability Levels?

A probability level is a descriptive category of probability which can be linked to a probability

value range. Typical probability levels would be: Rare, Unlikely, Possible, Likely, Almost

Certain. Probability Levels combined with Impact Levels are used to create a Risk Heat Map.

Why are Probability Levels Important?

Probability levels are an important building block of any risk management model. All risks are

described in terms of Likelihood and Impact. Probability levels are used to give a real world

description to the likelihood that a risk event will occur.

What are the Benefits of Defining Probability Levels?

This is an essential element to any risk management model and is therefore a mandatory

feature of the system. It will help users to analyse risks, and is a necessary step toward

assigning an ordinal value to the likelihood, in terms of a discrete percentage probability that a

risk will occur.

SAP 2008 / Page 32

Business Context

Example Probability Levels

CRG Global Enterprises has defined 5 Probability Levels within their Risk Management

Model. These are:

1 .Rare

2. Unlikely

3. Possible

4. Likely

5. Almost Certain.

These 5 descriptive levels are linked to quantitative probabilities in the Probability Level

Matrix. Below is an example of how this would work.

Probability Value From Probability Level

0 1 - Rare

20 2 - Unlikely

40` 3 - Possible

60 4 - Likely

80 5 Almost Certain

SAP 2008 / Page 33


Probability Levels

Copy of UI

These 5 descriptive levels are linked to quantitative probabilities in the Probability Level

Matrix. This is defined in the IMG configuration.

Below is an example of how this would work. In this example Speed of Onset is not

activated.

SAP 2008 / Page 34


Probability Levels

Copy of UI

Probability can be entered as an absolute value (e.g. 75%) or as a Probability Level

(e.g. Likely), depending on configuration setting in the IMG Analysis Profile. In this

example a value probability entry is expected.

SAP 2008 / Page 35


Probability Levels

Copy of UI

The Probability Levels form the Y axis, and the Impact Levels for the X axis in this Risk

Heat Map.

SAP 2008 / Page 36

Maintain Probability LevelsUse

In this Customizing activity you configure and maintain risk probability levels for Process

Control and Risk Management.

A probability level corresponds to a defined probability value used by the system to evaluate a

risk.

Activities

To define probability levels, proceed as follows:

1. Click on New Entries and enter a numeric value designating the probability level.

2. Enter a text for this probability level.

3. Save your entry.


Probability Levels

SAP 2008 / Page 37


Probability Levels

Interview questions .

Have Probability Levels already been defined in your risk management model?

Are Probability Levels used consistently across your organisation? The system supports one

set of Probability Levels so it is important to agree internally what these should be.

Has the number of Probability Levels been defined in your risk management model (e.g. 3 or

5 or 6)?

Have the descriptions for the Probability Levels been agreed?

SAP 2008 / Page 38


Probability Levels

Probability Level Description

SAP 2008 / Page 39










this document

SAP 2008 / Page 40

Business Context

Probability Level Matrix

What is the Probability Level Matrix?

A probability Level Matrix is where Probability Levels are mapped to probability expressed in percentage

terms.

[Additionally, this can be (optionally) combined with Speed of Onset of a risk to vary how probability

percentages map to Probability Levels. Note: This feature is not yet enabled in the system, but it could be

made available in a support pack.]

Why is the Probability Level Matrix Important?

The Probability Level Matrix is an essential building block of quantitative risk analysis . All risks are

described in terms of Likelihood and Impact. Probability levels are used to give a real world description to

the likelihood that a risk event will occur. The Probability Level Matrix is needed to link quantitative and

qualitative expressions of probability.

What are the Benefits of Defining a Probability Level Matrix?

It will help users to analyse risks, and it is a where an ordinal value of likelihood is mapped to descriptive

probability categories. Additionally how the ordinal values map to probability categories can be

differentiated according to the speed of onset of a risk. This enriches the risk analysis.

SAP 2008 / Page 41

Business Context

Example Probability Level Matrix (1)

CRG Global Enterprises has defined 5 Probability Levels within their Risk Management Model. These 5

descriptive levels are linked to quantitative probabilities in the Probability Level Matrix. Below is an example

of how this would work.

Probability Value From Probability Level

0 1 - Rare

20 2 - Unlikely

40` 3 - Possible

60 4 - Likely

80 5 Almost Certain

SAP 2008 / Page 43


Probability Level Matrix (1)

A Risk will have either a probability value (%) applied to it OR, a probability category (e.g. Rare). In example

screen the Probability is 75%. Therefore a quantitative approach is being taken to the use of probabilities.

SAP 2008 / Page 45

Maintain Probability Level Matrix

Use

In this Customizing activity, you make the settings for the probability level matrix of your

organization. You create this matrix by mapping the timeframe and the probability percentages

to a probability level.

Requirements

Probability levels need to be maintained in the Customizing activity Define Probability Levels.

[Optional: The speed of onset can to be maintained in the Customizing activity Maintain Speed of Onset.]

Activities

1. Click on New Entries.

2. In the first column, enter the speed of onset to be used for the probability level matrix.

Note: You can use the wildcard indicator (*) as the default value to be used as the speed of

onset, which refers to the timeframe in which a risk can occur.

3. In the second column, enter a percentage probability value to be used as the starting value.

4. In the third column, select a probability level from the dropdown list.

5. Save your entry.



SAP 2008 / Page 46



Copy of IMG table

Speed of Onset

-- Enter * as a default value

SAP 2008 / Page 47



Interview questions .

As part of the risk management model has a mapping been performed for risk probabilities to

be assigned to Probability Levels?

Does your risk management model use a speed of onset concept?

Has the Speed of Onset of a risk been mapped to Probability Levels?

SAP 2008 / Page 48


Probability Level Matrix

Speed of Onset (levels

mapped to a timeframe)Probability Value From (%)

Probability Level (as per the

previously defined

category)

SAP 2008 / Page 49










this document

SAP 2008 / Page 50

Business Context

Risk And Opportunity Level Colors

What are Risk and Opportunity Level Colors?

Risk Levels represent the degree of severity of a risk. Severity is usually described in terms of a label and a colour. Typical risk levels labels are High, Medium and Low. Typical risk level colours follow the traffic light system Red, Amber, Green representing High Medium and Low risk levels. Opportunity Levels represent the degree of benefit of an opportunity. There is a single Level classification to be defined to which Risk Level and Opportunity Level colours are assigned.

Why are Risk and Opportunity Level Colors Important?

Risk (and Opportunity - optionally) Levels are an essential element of any risk management model.

What are the Benefits of Defining Risk and Opportunity Level Colors?

Colours are usually assigned to risk levels to given an intuitive and immediate visual impact for the degree of severity of the risk. Risk levels are a means for drawing attention to the most serious risks and enabling management to focus on them. Opportunity level colours are a means of drawing attention to the most advantageous opportunity.

SAP 2008 / Page 51

Business Context

Example Risk And Opportunity Level Colors

CRG Global Enterprises has defined as part of their risk management model 3 Levels (for risks and

opportunities) and 3 colour representing these levels.

Risk Level Description Risk Color Opportunity

color

H High Red Green

M Medium Yellow Yellow

L Low Green Red

SAP 2008 / Page 52


Risk And Opportunity Level Colors (1)

Risk Level (and Opportunity Level) is used extensively in the system when displaying risks in

queries, workflow, reports and dashboards.

GRC Risk Management->Risk and Opportunities>Query

SAP 2008 / Page 53



Risk Level (and Opportunity Level) is used extensively in the system when displaying risks in


GRC Risk Management->Risk and Opportunities. From the Query, select a Risk and move to

the Risk Analysis Tab

SAP 2008 / Page 54



Maintain Risk And Opportunity Level Colors

Use

In this Customizing activity you maintain risk and opportunity levels, together with the

colors for the various risk or opportunity levels. These are used in the front-end

application when working with risk scenarios or carrying out a risk analysis.

The colors selected here will display in the Level column of the risk application.

Activities

1. Click on button New Entries and specify a level to be created. This can be a four-

character letter or number.

2. Enter a description for this level and specify the position of the risk level entry in the

table.

3. In the field Risk Level Color, specify the color to be used to designate the risk level in

the UI from the dropdown list. Note that one color can be used more than once.

4. In the field Opportunity Level Color, specify the color to be used to designate the

opportunity level in the UI.

5. Save your entry.

SAP 2008 / Page 55



IMG

SAP 2008 / Page 56



Interview questions

As part of the risk management model have the risk levels been defined?

Does the risk management model include opportunities?

SAP 2008 / Page 57



Level Description Risk Level Color Opportunity Level Color

SAP 2008 / Page 58










this document

SAP 2008 / Page 59

Business Context

Risk and Opportunity Level Matrix

What is the Risk and Opportunity Level Matrix?

Risks are measured on an Impact scale and a Probability scale. A risk level matrix is a grid

where Impact is placed on the X axis and probability on the Y axis and where intersecting

points in the grid are assigned a Risk Level (often High, Medium or Low). The same principle

applies to opportunities, where probability levels combines with benefit levels to make the

opportunity level matrix. A Risk and Opportunity Level Matrix is often referred to as a

Heatmap.

Why is the Risk and Opportunity Level Matrix Important?

This is the mechanism within a risk management model where risk are assigned a risk level

(and where opportunities are assigned an opportunity level).

The combination of impact level x probability level should correspond to the defined risk level.

What are the Benefits of Defining a Risk and Opportunity Level Matrix?

Regardless of whether a qualitative or quantitative approach to risk analysis is adopted, levels

represent the combination probability and impact.

SAP 2008 / Page 60

Business Context

Example Risk And Opportunity Level Matrix

CRG Global Enterprises has defined as part of their risk management model 5 levels of

Probability, and 5 levels of Impact, these combined to form 3 Levels (for risks and

opportunities) and 3 colour representing these levels.

%

80-995 Low Medium High High High

60-794 Low Medium Medium High High

40-593 Low Medium Medium Medium High

20-392 Low 4 Medium Medium Medium

0-191 Low Low Low Low Low

1 2 3 4 5

Insignificant Minor Moderate Major Catastrophic

Impact of the risk>>>>>>

Pro

ba

bili

ty o

f th

e r

isk o

ccuring

Risk and Levels and Colors

SAP 2008 / Page 61


Risk And Opportunity Level Matrix

Copy of UI

Risk and Opportunity Level Matrix is used extensively in the system when displaying risks in


GRC Risk Management->Reporting and Dashboards->Heatmap

SAP 2008 / Page 62

Maintain Risk And Opportunity Level Matrix

Use

In this Customizing activity you define and maintain the risk level matrix. A risk level refers

to the level of severity for a risk and corresponds to a defined risk level description, such as

H (high), M (medium), or L (low).

The combination of impact level x probability level should correspond to the defined risk

level.

Requirements

You must have maintained the impact levels in the Customizing activity:

For Process Control -> Scoping -> Maintain Impact Levels

For Risk Management -> General Settings -> Maintain Impact Levels

You must have maintained the probability levels in the Customizing activity:

For Process Control -> Scoping -> Maintain Probability Levels

For Risk Management -> Risk Analysis -> Maintain Probability Levels

You must have maintained the risk level in the Customizing activity:

For Process Control -> Scoping -> Maintain Risk Levels and Colors

For Risk Management -> General Settings -> Maintain Risk Levels and Colors



SAP 2008 / Page 63



Copy of IMG table

Configuration Maintenance

1. Click on New Entries and enter

a user-defined probability level.

2. Select an impact level from the

dropdown of the Impact level

column.

3. Select a risk or opportunity level

from the dropdown of the Level

column.

4. Save your entry.

SAP 2008 / Page 64



Interview questions

As part of the risk management model, has the risk heat map been defined?

SAP 2008 / Page 65



Probability Level Impact Level Risk Level

SAP 2008 / Page 66








8. Maintain Risk and Opportunity Priorities

9. Maintain Risk and Opportunity Priority Matrix

10.Maintain Analysis Profile


this document

SAP 2008 / Page 67

Business Context

Analysis Profile

What is the Analysis Profile?

This is where you specify the configurable settings for various aspects of risk analysis within

the system. These setting include: Quantitative or Qualitative Probability, Quantitative or

Qualitative Impacts, or a combination of both, and additionally in the case of multiple impacts,

how these values or levels are aggregated to reach a single impact value or level, and

whether Speed of Onset is enabled, and whether Impact reduction feature is enables.

Why is the Analysis Profile Important?

This is a mandatory part of configuration.

What are the Benefits of Defining an Analysis Profile?

This feature give the system the flexibility to adapt to different risk management models.

SAP 2008 / Page 68

Business Context

Example Analysis Profile

CRG Global Enterprises has decided to adopt the following rules for handling risk

analysis based on their risk management model:

Probabilities will be entered into the system using a quantitative scale (0 -99%).

Impacts will be flexible. Impact can be entered into the system either as a value

(e.g. $250,000.00) or as an impact level (Insignificant, Minor, Moderate, Major,

Catastrophic).

The aggregation method for multiple impacts for a single risk is Average.

The impact reduction feature is to be used.

Speed of Onset is not part of the risk management model of GRC, therefore they do

not need this feature enabled.

SAP 2008 / Page 69


Analysis Profile

Copy of UI

The analysis profile settings are relevant to risk analysis.

If enabled the Speed

Of Onset field would

appear here

Probability setting is

quantitative

Impact setting is

mixed

SAP 2008 / Page 70


Analysis Profile

Copy of UI

Impact Analysis Method is set to Mixed. Either Quantitative or Qualitative can be

select for each individual impact.

SAP 2008 / Page 71


Analysis Profile

Activities

1. Choose New Entries.

2. Enter the name of the profile ID you want to define.

3. Checkmark whether impact reduction is to be used, and

if so, select the impact probability.

4. Checkmark whether the speed of onset is to be used and

if so, select the type of impact value.

5. Finally, select the loss/gain aggregation method to be

used.

6. Save your entry.

SAP 2008 / Page 72


Analysis Profile

Impact reduction

This refers to the reduction in the impact of a risk after risk response.

You can set the Impact Reduction indicator On or Off, to enable or disable the display

of the impact reduction option on the RM user interface (UI).

If you do not set the indicator, the impact reduction section does not appear on the

Response tab of the RM UI.

In addition, the system does not calculate the value of the residual risk in the residual

risk analysis, however you can still maintain it manually in the Analysis tab of the Risk

UI.

SAP 2008 / Page 73


Analysis Profile

Probability

This option enables you to select a probability mode for the risk analysis. You can select

any of the following options:

Qualitative: In this option, the probability appears as a dropdown list on the UI

and you can select the probability level from the list.

Quantitative: In this option, the probability appears as in input field on the UI and

you can enter the probability percentage value.

Disabled: The probability does not appear on the UI.

SAP 2008 / Page 74


Analysis Profile

Speed of Onset

This refers to the timeframe.

The timeframe is the period of time that is available to decide on the risk responses.

You can set the Speed Of Onset indicator On or Off, to enable or disable the display

of speed of onset option on the UI.

SAP 2008 / Page 75


Analysis Profile

Impact Value

This refers to the monetary value of the impact of a risk. You can select any of the

following options:

Qualitative: In this option, the impact value appears as a drop down list on the UI

and you can select the impact levels.

Quantitative: In this option, the impact value appears in the form of three input

fields for specifying the minimum, maximum, and average values of impact.

Mixed: In this option, both qualitative and quantitative options appear on the UI.

SAP 2008 / Page 76


Analysis Profile

Combinations of Analysis Profile settings

You can select any of the options described above for a risk analysis. However, there are certain

combinations of probability and impact value selections that determine the mode of risk analysis. The list

below describes the possible combinations of probability and impact values:

Probability = qualitative

Impact value = qualitative result

Probability level x impact level = risk level

Probability = qualitative

Impact value = quantitative result

The system converts the total loss to the impact level and calculates the risk level.

Probability = quantitative

Impact value = qualitative result

The system converts the probability percentage value into probability level and calculates the

risk level.

Probability = quantitative

Impact value = quantitative result

The system converts the probability percentage value into a probability level. In addition, the

system calculates the impact level on the basis of minimum, average, and maximum impact

amounts, after which the system calculates the risk level.

SAP 2008 / Page 77


Analysis Profile

Interview questions

What combination of qualitative and quantitative settings is supported in your risk

management model?

SAP 2008 / Page 78


Analysis Profile

Profile IDImpact

ReductionProbability

Speed of

OnsetImpact Value

Aggregation

Method

On Quantitative On Quantitative Lowest

Off Qualitative Off Qualitative Highest

Mixed Average

SAP 2008 / Page 79

Comments and Feedback

Your feedback is very valuable and will enable us to improve our documents. Please

take a few moments to complete our feedback form. Any information you submit will

be kept confidential.

You can access the feedback form at:

http://www.surveymonkey.com/s.aspx?sm=stdoYUlaABrbKUBpE95Y9g_3d_3d

SAP BusinessObjects Risk Management 3.0 Risk and Opportunity Analysis

Documents