## Purpose

The purpose of this page is to explain the application behavior and business logic of Automatic Risk Aggregation in GRC Risk Management 10.0

## Overview

Risk Aggregation is the process by which the application calculates an aggregated risk from various Underlying input risks. The hierarchy of the risks can be created based on an Organization’s categorization of their risks. Any changes in the input risks are aggregated up and synchronized with the main risk Analysis of the input risk is combined based on the calculation logic defined to generate an updated analysis of the aggregated risk.

## Risk Aggregation

### Types of Risks

Risk Aggregation can be done in two ways based on the type of risk and the customizing settings.

### Corporate Risk Aggregation

This type of risk aggregation is pre delivered by SAP and can only aggregate risks created as corporate risks with a forecasting horizon based analysis and the risks can be combined in one of the following ways:

**Sum**: The aggregated impact is the sum of all underlying impacts.

**Average** : The aggregated impact is the average of all underlying impacts.

**Maximum:** The aggregated impact is the highest of all underlying impacts.

**Minimum**: The aggregated impact is the lowest of all underlying impacts.

The probability is calculated for each forecasting horizon by combining the underlying analysis in one of the following ways.

**Sum**: The aggregated probability is the sum of all underlying probabilities.

**Average**: The aggregated probability is the average of all underlying probabilities.

**Maximum:** The aggregated probability is the highest of all underlying probabilities.

**Minimum**: The aggregated probability is the lowest of all underlying probabilities.

**Product**: The aggregated probability is the product of all underlying probabilities .

(interpreted as fractions of 1)

### Operational Risk Aggregation

The aggregation of Operational Risks is done via implementation of a custom calculation logic.

1. Create Z class that implements the interface **IF_GRRM_ANALYSIS_AGGREGATION.**

2. Implement this method **IF_GRRM_ANALYSIS_AGGREGATION~GENERATE_AGGREGATE_ANALYSIS**. Put the aggregation logic into this method. Check as example class **CL_GRRM_ANA_AGGR_DEFAULT**.

3. Implement this method **IF_GRRM_ANALYSIS_AGGREGATION~AGGREGATION_POSSIBLE**. This method should check whether the aggregated analysis can be aggregated by the algorithm coded in the previous method. Check as example class **CL_GRRM_ANA_AGGR_DEFAULT**.

4. As soon as the Z class is finished ,do aggregation customizing - transaction SPRO -> Governance, Risk and Compliance -> Risk Management -> Risk and Opportunity Analysis ->Automatic Risk Aggregation Settings. There is need to create one new entry. The entry should be marked as Customized Aggregation Mode and Z class should be entered here.