By Dan Berthiaume
Although risk management has always been a high priority for enterprises, the nature of it is constantly evolving and changing. Sanjay Jindal, Global Process Owner ? Record to Analyze, Finance & Accounting BPO, Capgemini, recently discussed some of these changes.
Q. Risk management has been a priority for business for a long time. What has changed?
A. There is increasing need for transparency from regulators as well as from shareholders. Significant numbers of compliance disasters in recent times have resulted in the increased importance of risk management in the agendas of various CXOs, as such failures significantly impact the reputation of enterprises. In addition, globalization is resulting in the multiplying of regulations and increased need for compliance. This is placing significantly greater pressure on organizations.
CXOs are looking for different and innovative solutions to help them gain better assurance on risk and compliance while they drive growth in new geographies globally. From an information technology and data perspective, the invention of new technologies is also imposing higher risks.
Q. Why are traditional methods no longer effective?
A. Periodic audit is a typical, traditional method of risk management and compliance. Periodic audits look at what has happened in the past: it does not provide a real-time view of risk and compliance. Most of the time, the audit takes place after the event: it does not help prevent recurring financial leakage. Organizations should not wait for the next audit to find out issues and incur financial leakages and losses.
No CXO likes surprises and they will want to be proactive in their approach to understand and manage potential risks. Most organizations have looked at compliance in a siloed way, with different functions carrying out compliance in different ways, different business entities performing it in different ways, and different countries managing it in different ways. This results in multiple audits being conducted by different stakeholders for the same business process at different point of time. This not only makes traditional approaches costly, it also results in duplication of effort and the use of the valuable time of various business process owners.
Moreover, the siloed approach does not provide a uniform and consistent view of risk across the various functions and business units. In the absence of a uniform, consistent and real-time view of risk, executives end up making decisions based on perceptions.
Q. How should companies approach governance, risk and compliance (GRC)?
A. Companies need to take a unified and integrated approach to managing enterprise-wide risks. They need to break up the traditional silos of functions or business units or geographies and develop a unified risk and control framework supported by uniform ways of assessment of risk across the organization. They should use new tools, as well as data analytical techniques to manage risk and compliance. A centralized approach to creating centers of excellence for GRC could support CXOs to realize their vision of managing risk and compliance in real-time in a uniform and consistent manner across the enterprise and enable them to make decisions based on facts and not perceptions.
Q. What role does BPO play in enabling this new approach?
A. BPO offers platform-enabled end-to-end GRC service as a business process. We propose to set up a Global Process Model? (GPM) control center in our CoE (Center of Excellence) of governance, risk and compliance. Leveraging our GPM assets and Control Library, we develop a unified risk and control framework and establish an assessment approach with a real-time control dashboard. We apply a unique blend of our services of continuous transaction and control monitoring, data analytics and audits to deliver world-class GRC services.
ryan seacrest kentucky derby beltane capitals john edwards conocophillips octomom
কোন মন্তব্য নেই:
একটি মন্তব্য পোস্ট করুন