The purpose of this page is to explain the application behavior and business logic of Automatic Risk Aggregation in GRC Risk Management 10.0
Risk Aggregation is the process by which the application calculates an aggregated risk from various Underlying input risks. The hierarchy of the risks can be created based on an Organization’s categorization of their risks. Any changes in the input risks are aggregated up and synchronized with the main risk Analysis of the input risk is combined based on the calculation logic defined to generate an updated analysis of the aggregated risk.
Types of Risks
Risk Aggregation can be done in two ways based on the type of risk and the customizing settings.
Corporate Risk Aggregation
This type of risk aggregation is pre delivered by SAP and can only aggregate risks created as corporate risks with a forecasting horizon based analysis and the risks can be combined in one of the following ways:
Sum: The aggregated impact is the sum of all underlying impacts.
Average : The aggregated impact is the average of all underlying impacts.
Maximum: The aggregated impact is the highest of all underlying impacts.
Minimum: The aggregated impact is the lowest of all underlying impacts.
The probability is calculated for each forecasting horizon by combining the underlying analysis in one of the following ways.
Sum: The aggregated probability is the sum of all underlying probabilities.
Average: The aggregated probability is the average of all underlying probabilities.
Maximum: The aggregated probability is the highest of all underlying probabilities.
Minimum: The aggregated probability is the lowest of all underlying probabilities.
Product: The aggregated probability is the product of all underlying probabilities .
(interpreted as fractions of 1)
Operational Risk Aggregation
The aggregation of Operational Risks is done via implementation of a custom calculation logic.
1. Create Z class that implements the interface IF_GRRM_ANALYSIS_AGGREGATION.
2. Implement this method IF_GRRM_ANALYSIS_AGGREGATION~GENERATE_AGGREGATE_ANALYSIS. Put the aggregation logic into this method. Check as example class CL_GRRM_ANA_AGGR_DEFAULT.
3. Implement this method IF_GRRM_ANALYSIS_AGGREGATION~AGGREGATION_POSSIBLE. This method should check whether the aggregated analysis can be aggregated by the algorithm coded in the previous method. Check as example class CL_GRRM_ANA_AGGR_DEFAULT.
4. As soon as the Z class is finished ,do aggregation customizing - transaction SPRO -> Governance, Risk and Compliance -> Risk Management -> Risk and Opportunity Analysis ->Automatic Risk Aggregation Settings. There is need to create one new entry. The entry should be marked as Customized Aggregation Mode and Z class should be entered here.