Risk Advisory Services

                     02/26/2008




From Compliance to Competitive Edge
The Paradigm Shift
Leveraging Risk Investments to Improve Business
Agenda
     The Current State
      Navigating Through The Confusion
     What We Are Hearing About Risk
     The Current State
      Market Challenges
      Costs and Budgeting
     Risk Convergence
     A Fresh Look At The “Internal Controls”
     Maximizing The Role of IT In Compliance
     Leading IT Practices In Successful Organizations


1
The Current State

    Navigating through The
          Confusion

2
Standards? What Standards?




     "The nice thing about standards is
    that there are so many of them to
    choose from.”
                   – Andrew S. Tanenbaum



3
Navigating Through the Confusion
     [Diagram: Ever-increasing Laws, Regulations, and Standards, and Multiple Frameworks]
     Regulators: SEC, EEOC, OSHA, FRC, NASD/NYSE, PCAOB, EPA, FTC, DOJ, PTO, IRS, DHS, EBSA
     Business Drivers and Initiatives: Asset and Capital Management; Earnings and Operating Margins; Revenue and Market Share; Reputation and Brand
     Laws, Regulations, and Standards: Section 404; IFRS; Environmental and Social; CFO Act; E-Gov Act; OMB A-123; IP-Protection Laws; Product Liability Laws; FMFIA; HIPAA; Tax Regulations; 1933 and 1934 Securities Act; Anti-Money Laundering Laws; Anti-Trust Act; American Productivity and Quality Center (APQC); Supply Chain Council (SCOR); Software Engineering Institute (Capability Maturity Model)
     Frameworks: COSO; COSO ERM; OCEG; COBIT; USSG; ISO; CSR
     Logical and Coordinated Process
     **Frequently-used examples
4
Now Consider This Example:
    Nicole is an equity division manager in a global bank
      The work day has barely begun
      Discovered that a recent spike in trading volume has jolted the firm’s
      trading platform resulting in a multitude of trade breaks and delayed
      executions
      She checks her e-mail and sees a barrage of requests to provide risk
      information to various departments
         Compliance department wants an urgent meeting to discuss its plan
         to conduct several business reviews during the year
         IT risk unit has sent a questionnaire on business continuity planning
         and data security
         Internal audit is asking to review its risk assessment of her business
         and agree to four audits of her group in the next 12 months
      How can Nicole effectively increase the top line if she is hampered by
      inefficient business processes?



5
What We Are Hearing About Risk

     Keep Us Out of Trouble
       Growing Number of Restatements
       Bigger Fines and Settlements
       Changes in Compliance Regulations
       Continuing Funding Of Projects
       Defense of Intellectual Property
       Option Backdating
       Catastrophic Reputational Consequences
       OMB Management Watch List & GAO High Risk List
       All too confusing and overdone… Except when we get in trouble

     Make Our Business Better
       Coordinated Sales Activities - Services, Software and Hardware
       Inter-Agency Coordination & Focus On Core Mission
       Relevant Research & Development Spend
       Optimized Controls
       Effective Use of Technology
       Decrease Cost of Corporate Compliance Activities
       Accessing Emerging Markets
       Just-In-Time Inventory Management
       Improved Risk Reporting and Disclosure
       Optimized Governance Structure/Program Performance
       Must do it… But how do we do it better?
6
The Current State

    Market Challenges


7
Top Challenges: Six challenges dominate senior management agendas
    Category: Includes
    Improving efficiency/Program Performance: Achieving greater efficiencies in risk and control processes; inter-agency coordination; improving coordination; unifying and streamlining approaches
    Challenging regulatory environment: Shifting regulatory demands, high degree of regulatory scrutiny, variation of regulations across jurisdictions.
    Keeping pace with business growth and complexity: Rapid business growth, competitive intensity, M&A activity, global expansion, increasing product complexity, raised customer expectations
    Attracting and retaining talent/Human capital crisis: Shortage of good talent in competitive markets, especially in specialized areas or emerging geographies
    Managing change: Dealing with people and organizational issues as new processes demand new methods of work
    Fear of compliance failures and emerging risks: Fear of compliance failures despite best efforts, due to human error or unanticipated events; identifying and preparing for future risks
8
Top Challenges: Improving efficiency is the leading concern for all respondents followed by regulatory issues
     PERCENT RESPONDING – ALL RESPONDENTS
     Improving efficiency: 50%
     * Challenging regulatory environment: 30% / Implementing Basel II: 13%
     Keeping pace with business growth & complexity: 30%
     Attracting & retaining talent: 20%
     Managing change: 20%
     Fear of compliance failure: 17%
     Identifying emerging risks: 13%
     * The dark bar represents those respondents who mentioned general regulatory challenges; the light bar represents those respondents who specifically cited Basel II implementation



9
Challenge #1: Inefficiency is acting as a
“drag on the system”

     There is unanimous recognition that rapid growth of
     business – mergers, global expansion – together
     with SOX and the complex regulatory environment,
     have resulted in inefficient structures, and
     redundant systems and processes

     There is an extremely high desire to fix this problem




10
Challenge #2: There is a growing
frustration with regulators
     Respondents see no letup in the regulatory
     environment – Sarbanes Oxley, Basel, privacy,
     HIPAA, IFRS, Anti-money Laundering etc., etc…

     Organizations are pushing back




11
Challenge #3: Keeping pace with
business growth and complexity

The requirement for speed to market creates pressure
on all types of fronts, from credit and market risk
related approvals to compliance or regulatory or legal
approvals
          How do we do our part to support revenue
        growth and the growth of our company and
        have the proper risk/reward balance?
          There is a proliferation of new products
        which are becoming increasingly sophisticated



12
Challenge #4: The complex
environment is driving the need to
attract and retain talent
     Definitely a major concern for the leadership

     Good talent is hard to find

     Competition for talent is intense, and the supply of
     risk professionals is not keeping up with demand




13
Challenge #5: Dealing with people and
organizational change issues is
daunting
      Inefficiencies, the complex regulatory and business
     environment, and the shortage of talent, are stressing
     current systems and driving demand for more robust
     solutions

      “Moving the supertanker” requires a common
     understanding of risk and control procedures across the
     enterprise, senior management buy-in, and clear
     definitions of roles

      People’s natural resistance to change is a constant
     struggle
14
Challenge #6: Identifying emerging risks
and fear of compliance failures keep
many respondents up at night

     Despite significant investments, many
     acknowledge they continue to worry about
     breaches in compliance due to human error,
     regulatory surprises, or unknown emerging risks
 – “We operate in so many different jurisdictions, in 50 countries, and
   with various different products. We have about 130,000 employees.
   And if you think that everybody is doing everything they should, the
   way they should be doing it, you know that's not happening.”

                       - Head of Internal Audit, Commercial Bank



15
The Current State
     Costs and Budgeting


16
Costs and Budgeting: Half of all respondents believe costs will continue to rise; the other half see costs stabilizing
     ALL RESPONDENTS
     Increasing: 48%
     Decreasing: 21%
     Staying the same: 25%
     Don't know: 7%
     Reasons cited include:
       Continued business growth and global expansion
       Rigorous regulatory environment
       Need for more expensive senior talent




17
Costs and Budgeting: Very few can estimate time business spends on risk and control management
     Most feel that time spent in the business units is too
     embedded to track

     Time spent depends on the job and the type of
     business
     – “Our industry is plagued with this: we don’t have a good
       understanding of what our key processes are and we don’t
       have the ability to measure our unit costs. If you went to
       Toyota or Coca Cola, they have a whole science, but when
       you ask about processes here people look at you as if you
       were speaking Swahili.”

                           - Head of Operational Risk, Commercial Bank

18
Top Challenges: Six challenges dominate senior management agendas
     Category: Includes
     Improving efficiency: Achieving greater efficiencies in risk and control processes; improving coordination; unifying and streamlining approaches
     Challenging regulatory environment: Shifting regulatory demands, high degree of regulatory scrutiny, variation of regulations across jurisdictions.
     Keeping pace with business growth and complexity: Rapid business growth, competitive intensity, M&A activity, global expansion, increasing product complexity, raised customer expectations
     Attracting and retaining talent: Shortage of good talent in competitive markets, especially in specialized areas or emerging geographies
     Managing change: Dealing with people and organizational issues as new processes demand new methods of work
     Fear of compliance failures and emerging risks: Fear of compliance failures despite best efforts, due to human error or unanticipated events; identifying and preparing for future risks


19
Now Consider This Example:
 Nicole is an equity division manager in a global bank
     The work day has barely begun
     Discovered that a recent spike in trading volume has jolted the firm’s
     trading platform resulting in a multitude of trade breaks and delayed
     executions
     She checks her e-mail and sees a barrage of requests to provide risk
     information to various departments
        Compliance department wants an urgent meeting to discuss its plan
        to conduct several business reviews during the year
        IT risk unit has sent a questionnaire on business continuity planning
        and data security
        Internal audit is asking to review its risk assessment of her business
        and agree to four audits of her group in the next 12 months
     How can Nicole effectively increase the top line if she is hampered by
     inefficient business processes?



20
Risk Convergence –
     Streamlining Governance, Risk and
             Compliance (GRC)




21
What Is Risk Convergence?
 Common framework to assess and monitor the
  organization’s risks:
     Reduce redundant risk management and control activities
     Eliminate duplication among business units
     Drive down costs




22
Why Risk Convergence??

 “It is not the strongest of the species that survives, nor the
 most intelligent, but the one most responsive to change.”
                                      — Charles Darwin




23
Why Risk Convergence??
 Standard & Poor’s, Moody’s and other credit-rating agencies measure an
 Enterprise Risk Management program as a lead risk indicator and a major
 scoring factor.

 Standard & Poor’s credit rating
     Challenging to determine management capability and capacity to
     manage risk
     Proposal to introduce enterprise risk management analysis into the
     corporate debt rating process




24
Why Risk Convergence - Aligning to Your Business Drivers
 Keep Us Out of Trouble/Make the Business Better
 [Diagram: four groups arranged around a central "business drivers" label]

 Reputation and Brand: Do our stakeholders have a favorable view?
     Maintaining strong ethical tone at the top
     Protecting and defending intellectual property rights
     Managing customer and employee information, e.g., privacy concerns
     Organizing regulatory compliance/governance in an efficient manner

 Revenue and Market Share: How does the organization grow?
     Entering new markets, particularly emerging markets
     Prioritizing R&D spend to ultimately align with customer needs
     Integrating large scale acquisitions
     Simplification of multi-element sales, e.g., software, hardware and services
     Channel management

 Earnings and Operating Margins: How profitable is the organization?
     Maintaining gross margins through new product introductions
     Improving operating margins
     Managing warranty terms and product returns
     Managing third-party contractor relationships

 Asset and Capital Management: How efficient is the organization?
     Improving inventory and receivable management
     Coordinating supply chain/lean manufacturing
     Integrating global processes and IT systems
     Using finance arrangements to access new markets
25
Why Risk Convergence??

Mitigate risk
     Despite significant investments, compliance failures continue to
     represent a major threat – both monetary and reputational
     Streamlining risk and control operations reduces compliance gaps
     and enables more effective ongoing risk management

Increase efficiency / reduce costs
     Streamlining risk and control programs and processes reduces the
     enormous time commitments and frustration levels throughout the
     organization, and ultimately will result in better cost management
     and control

Support strategic decision-making
     Greater coordination and information sharing among corporate
     control units and business units provides senior management and
     board committees with more effective multi-dimensional risk
     information that supports decision-making
26
State of Convergence: All
organizations are underway with some
form of convergence
     Terminology may vary, but all understand the concept of
     streamlining governance, risk and control processes

     Each organization is forging its own way, based on
     culture, business imperatives, appetite for change, and
     regulatory history

     Most are in the early stages and the majority of activities
     are driven by short-term objectives




27
State of Convergence: There are no best
practices
     There are some organizations that are fairly far
     down the path, however, no one considers
     themselves ‘converged’

     Currently there are no best practices or
     established methodologies

     Most convergence activities are being led by the
     CFO, CRO, or the head of one or two functions




28
State of Convergence: Efficiency is the primary driver of convergence
     Desire for greater efficiency is the main driver for
     risk convergence

     Reducing risk fatigue in the business units is
     considered but this has eased since the early
     SOX days

     Surprisingly, cost reduction is not a major driver




29
State of Convergence: Convergence is evolutionary not revolutionary
     Most organizations are addressing convergence in
     incremental stages

     The appetite for a massive enterprise
     transformation is low




30
State of Convergence: People issues
are the primary barriers to convergence

     Overcoming people’s natural resistance to, and fear
     of, change is the biggest obstacle to convergence



     • “People don’t like converging. In their minds it tends to dilute their
       efforts. If it is a significant risk to them, they want and demand the
       resources to deal with it.”

                                              - CRO, Commercial Bank




31
State of Convergence: Convergence is
creating a need for more senior talent

      As convergence initiatives begin to reduce redundancies
     and inefficiencies, organizations are finding that they need
     more senior talent and less junior staff
      This represents a major shift in the skill base and
     exacerbates the shortage of talent in the industry




32
Stages of Risk Convergence




33
The Path to Convergence

     While there is not one clear approach to convergence, companies are following somewhat similar paths

     [Figure: staircase chart; axes: Implementation, Sophistication]
     Phases: Coordination Phase; Alignment Phase; Integration Phase
     Milestones, in ascending order: Vision defined; Groups interacting; Owner identified and committee formed; Redundancies being addressed; Reporting streamlined; Methodologies aligned; Roles and responsibilities redefined; Technology options implemented; Convergence institutionalized
34
The Path to Convergence

     Most respondents are in “Coordination Phase”

     [Figure: staircase chart; axes: Implementation, Sophistication]
     Phases: Coordination Phase; Alignment Phase; Integration Phase
     Milestones, in ascending order: Vision defined; Groups interacting; Owner identified and committee formed; Redundancies being addressed; Reporting streamlined; Methodologies aligned; Roles and responsibilities redefined; Technology options implemented; Convergence institutionalized
35
The Path to Convergence

     As organizations make progress in reducing redundancy, they begin to tackle more difficult aspects of efficiency improvement

     [Figure: staircase chart; axes: Implementation, Sophistication]
     Phases: Coordination Phase; Alignment Phase; Integration Phase
     Milestones, in ascending order: Vision defined; Groups interacting; Owner identified and committee formed; Redundancies being addressed; Reporting streamlined; Methodologies aligned; Roles and responsibilities redefined; Technology options implemented; Convergence institutionalized
36
The Path to Convergence

     Even for those furthest along the convergence path, redefining roles, implementing new technologies, and embedding new practices remains a goal

     [Figure: staircase chart; axes: Implementation, Sophistication]
     Phases: Coordination Phase; Alignment Phase; Integration Phase
     Milestones, in ascending order: Vision defined; Groups interacting; Owner identified and committee formed; Redundancies being addressed; Reporting streamlined; Methodologies aligned; Roles and responsibilities redefined; Technology options implemented; Convergence institutionalized
37
Risk Convergence Evolution - A Fresh Look at
 the “Internal Controls”
 Effective internal control environment means:
    The company is working and performing well
    Communicates performance to capital markets and
    investors in a transparent manner
       Note: Transparency and certainty over risk and internal
       controls in strategic, operational and financial reporting
       areas
    Management understands major risks and has processes in
    place to address/mitigate these risks
 Changing perception of Internal Controls
   From being viewed as “burdensome” to “strategic
   information” for driving business decisions
38
Do the current internal controls
 investments provide the following
 business benefits?




39
Aligning Internal Control Investment with Risk
 Assessment
     How frequently does the company conduct an enterprise
     risk assessment?




40
What is the focus of the risk
assessment?




41
Room for improvement?
 How effective are internal controls over the following
 financial reporting areas?




42
How effective are internal controls over the
following business and operational areas?




43
How effective are internal controls over
the following information technology
areas?




44
Where are Leading Companies Investing?
 What are the key business drivers justifying future
 investments to strengthen internal controls?




45
Better Understanding of Major Risk Areas
     What is the impact and probability of your top strategic risks?

     [Figure: risk matrix; axes: Impact, Probability]

     Impact levels:
       Major: Loss of ability to achieve any strategic objectives (worst case)
       Significant: Significantly reduced ability to achieve all strategic objectives
       Moderate: Disruption to achievement of one strategic objective and reduced ability to conduct normal operations
       Minor: Minimal disruption to one strategic objective and some impact on ability to conduct normal operations
       Insignificant: No impact on strategic objectives and only limited disruption to normal operations

     Probability levels:
       Remote: less than 10% chance of occurrence
       Unlikely: between 11-20% chance of occurrence
       Likely: between 21-50% chance of occurrence
       Highly Likely: between 51-75% chance of occurrence
       Expected: over 75% chance of occurrence

     Key Strategic Risks:
       Inefficient management of contract manufacturer relationship (e.g. – lead times, variance accounting, etc.)
       Inefficient JIT inventory management (e.g. – balancing with customer demand)
       Delays in new product development
       Uncertainty due to increased off-shoring and business process outsourcing
       International expansion/emerging market penetration
       Intense competition in mature product lines
       Price/gross margin erosion
       Cost/operating expense management
       Intellectual property protection and defense
       Large scale mergers and acquisitions
       Multi-element sales contract simplification and revenue recognition
 46
Making the Business Better
Investing in a Comprehensive Control Environment

[Figure: labels recovered from the diagram]
     Labels along the axes and diagonal: strategic, value, efficiency, operations, financial, compliance, cost, investment
     Elements shown:
          Top-Down Risk Assessment & Scoping
          Risk Based Testing & Evaluation
          Optimization & Standardization of Controls
          Leveraging Monitoring Controls
          Coverage of Fraud Risk & Controls
          Risk Convergence - Consistent Risk & Control Framework
          Process & Controls Improvement
          Controls Automation & Continuous Controls Monitoring

47
Maximizing The Role of IT in
Compliance Management
  Enterprise Risk
          IT Integration
     Continuous Controls Monitoring / Controls Automation
          Segregation of Duties
          Change Management
          Super User Access Rights – Identity and Access Management
          Application Controls
     Tools and Technologies – Seamless integration of disparate sources of information
          Sophisticated Data Analytics



48
Continuous Controls Monitoring
     Another strategy for improving efficiency using IT
     Automates the monitoring of financial and operational controls
     at the entity and transaction levels
     Maximizing the full capabilities of the IT investment to control
     the flow of transactions and significantly leveraging these
     capabilities for the operating effectiveness of internal controls
     Focused on application controls, segregation of duties,
     transactional data analysis, and IT general controls




49
How do Companies Assess?

     In the Past…
     • Point in Time Audits
     • Reactive
     • Random
     • Sampling
     • Generic

     Moving Forward…
     • Continuous
     • Proactive
     • Comprehensive
     • Integrated
     • Business Specific

[Chart: axes Business Risk (High, Low) and Time; labels "Audit" (three times) and "Continuous Monitoring"]

50
Leading IT Practices in Successful
Organizations
 Three overarching principles seen in successful
   organizations
         Risk Management
            Manage the risk of IT
            Leverage IT investments to reduce other risks that
          organization may face
         Cost Rationalization
            Rationalize the cost of IT
            Leverage IT investments to rationalize costs
          elsewhere in the organization
         Value Creation
            Increase the strategic and operational value being
          created for the business by IT
51
View ODS Function




                         Best/Leading Practices



52
Leading IT Practices in Successful
Organizations
 Four distinct traits seen in successful organizations
      1. Strategic Alignment:
         Viewing IT as strategic commitment vs. a utility
         activity
               Viewing IT functions as technological
            framework which coordinates information,
            decision making, management and strategy
                Achieved through executive sponsorship
            and linking IT to major processes and
            initiatives


53
Leading IT Practices in Successful
Organizations
 Four distinct traits seen in successful
   organizations
      2. Effective Governance
        Achieve formal implementation of IT
      Governance
           Representation at Board of Directors
         meeting
            Achieved through risk and resource
         management, board attention, use of leading
         standards


54
Leading IT Practices in Successful
Organizations
 Four distinct traits seen in successful organizations
       3. Efficient Operations
           Strategically utilize IT for revenue generating and cost
           saving objectives
                  This may include consolidating/standardizing IT
               functions
                  Achieved through revenue generating
               enhancements, reduction in service delivery
               costs, strategic and planned approach to IT
               function
       4. Measured Performance
           Facilitating strong realization of company’s
           performance through reporting/assessments

55
Questions

56

Feb2008 Monthly Slides 1

  • 1. Risk Advisory Services 02/26/2008 From Compliance to Competitive Edge The Paradigm Shift to Improve Leveraging Risk Investments Business
  • 2. Agenda The Current State Navigating Through The Confusion What We Are Hearing About Risk The Current State Market Challenges Costs and Budgeting Risk Convergence A Fresh Look At The “Internal Controls” Maximizing The Role of IT In Compliance Leading IT Practices In Successful Organizations 1
  • 3. The Current State Navigating through The Confusion 2
  • 4. Standards? What Standards? "The nice thing about standards is that there are so many of them to choose from." – Andrew S. Tanenbaum 3
  • 5. Navigating Through the Confusion Regulators SEC EEOC OSHA FRC Frameworks NASD/N PCAO EPA FTC YSE B DOJ PTO IRS COSO DHS EBSA COSO Business Drivers and Initiatives ERM Logical and Asset Earnings and Revenue and Reputation OCEG and Capital Management Operating Margins Market Share and Brand Coordinated COBIT Process Section 404 IFRS Environmental USSG CFO Act E-Gov Act and Social OMB A-123 IP—Protection Product Liability ISO FMFIA Laws Laws HIPAA Tax Regulations 1933 and 1934 CSR Anti-Money Securities Act American **Frequently-used examples Productivity and Laundering Laws Anti-Trust Act Quality Center Supply Chain Software (APQC) Council (SCOR) Engineering Laws, Institute (Capability Regulations, and Model) Maturity Standards Ever-increasing Laws, Regulations, and Standards, and Multiple Frameworks 4
  • 6. Now Consider This Example: Nicole is an equity division manager in global bank The work day has barely begun Discovered that a recent spike in trading volume has jolted the firm’s trading platform resulting in a multitude of trade breaks and delayed executions She checks her e-mail and sees a barrage of requests to provide risk information to various departments Compliance department wants an urgent meeting to discuss its plan to conduct several business reviews during the year IT risk unit has sent a questionnaire on business continuity planning and data security Internal audit is asking to review its risk assessment of her business and agree to four audits of her group in the next 12 months How can Nicole effectively increase the top line if she is hampered by inefficient business processes? 5
  • 7. What We Are Hearing About Risk Keep Us Out of Trouble Make Our Business Growing Number Better Inter-Agency Coordinated Bigger Fines of Restatements Sales Activities- Coordination and Changes in Compliance Settlements goal Services, Software and Hardware & Focus On Core Mission Continuing Regulations Optimized Defense of Effective Use Funding Of Relevant Controls of Technology Projects Intellectual Research Property & Option Decrease Developm Cost of Accessing Backdating entSpend Emerging Corporate Compliance Markets OMB Just-In-Time Catastrophic Management Activities Optimized Inventory Reputational Watch List & Management Improved Risk Governance Consequences GAO High Risk Reporting and Structure/Program List Disclosure Performance All too confusing and Must do it… overdone… Except when But how do we do it we get in trouble better? 6
  • 8. The Current State Market Challenges 7
  • 9. Top Challenges: Six challenges dominate senior management agendas Category Includes Improving Achieving greater efficiencies in risk and control efficiency/Program processes; inter-agency coordination; improving Performance coordination; unifying and streamlining approaches Challenging Shifting regulatory demands, high degree of regulatory regulatory scrutiny, variation of regulations across environment with Keeping pace jurisdictions. Rapid business growth, competitive intensity, M&A business growth and activity, global expansion, increasing product complexity complexity, raised customer expectations Attracting and Shortage of good talent in competitive markets, retaining especially in specialized areas or emerging talent/Human capital geographies crisis Managing change Dealing with people and organizational issues as new processes demand new methods of work Fear of compliance Fear of compliance failures despite best efforts, due failures and to human error or unanticipated events; identifying emerging risks and preparing for future risks 8
  • 10. Top Challenges: Improving efficiency is the leading concern for all respondents followed by regulatory issues PERCENT RESPONDING – ALL RESPONDENTS Improving efficiency 50% * Challenging regulatory environment/ 30% 13% Implementing Basel II Keeping pace with business growth & 30% complexity Attracting & retaining talent 20% Managing change 20% Fear of compliance failure 17% Identifying emerging 13% * The dark bar represents those respondents who mentioned general regulatory risks challenges; the light bar represents those respondents who specifically cited Basel II implementation 9
  • 11. Challenge #1: Inefficiency is acting as a “drag on the system” There is unanimous recognition that rapid growth of business – mergers, global expansion – together with SOX and the complex regulatory environment, have resulted in inefficient structures, and redundant systems and processes There is an extremely high desire to fix this problem 10
  • 12. Challenge #2: There is a growing frustration with regulators Respondents see no letup in the regulatory environment – Sarbanes Oxley, Basel, privacy, HIPAA, IFRS, Anti-money Laundering etc., etc… Organizations are pushing back 11
  • 13. Challenge #3: Keeping pace with business growth and complexity The requirement for speed to market creates pressure on all types of fronts, from credit and market risk related approvals to compliance or regulatory or legal approvals How do we do our part to support revenue growth and the growth of our company and have the proper risk/reward balance? There is a proliferation of new products which are becoming increasingly sophisticated 12
  • 14. Challenge #4: The complex environment is driving the need to attract and retain talent Definitely a major concern for the leadership Good talent is hard to find Competition for talent is intense, and the supply of risk professionals is not keeping up with demand 13
  • 15. Challenge #5: Dealing with people and organizational change issues is daunting Inefficiencies, the complex regulatory and business environment, and the shortage of talent, are stressing current systems and driving demand for more robust solutions “Moving the supertanker” requires a common understanding of risk and control procedures across the enterprise, senior management buy-in, and clear definitions of roles People’s natural resistance to change is a constant struggle 14
  • 16. Challenge #6: Identifying emerging risks and fear of compliance failures keep many respondents up at night Despite significant investments, many acknowledge they continue to worry about breaches in compliance due to human error, regulatory surprises, or unknown emerging risks – “We operate in so many different jurisdictions, in 50 countries, and with various different products. We have about 130,000 employees. And if you think that everybody is doing everything they should, the way they should be doing it, you know that's not happening.” - Head of Internal Audit, Commercial Bank 15
  • 17. The Current State Costs and Budgeting 16
  • 18. Costs and Budgeting: Half of all respondents believe costs will continue to rise; the other half see costs stabilizing ALL RESPONDENTS Increasing 48% Reasons cited include: Continued business growth and global expansion Decreasing 21% Rigorous regulatory environment Need for more Staying the same 25% expensive senior talent Don't know 7% 17
  • 19. Costs and Budgeting: Very few can estimate time business spends on risk and control management Most feel that time spent in the business units is too embedded to track Time spent depends on the job and the type of business – “Our industry is plagued with this: we don’t have a good understanding of what our key processes are and we don’t have the ability to measure our unit costs. If you went to Toyota or Coca Cola, they have a whole science, but when you ask about processes here people look at you as if you were speaking Swahili.” - Head of Operational Risk, Commercial Bank 18
  • 20. Top Challenges: Six challenges dominate senior management agendas Category Includes Improving efficiency Achieving greater efficiencies in risk and control processes; improving coordination; unifying and Challenging streamlining approaches Shifting regulatory demands, high degree of regulatory regulatory scrutiny, variation of regulations across environment with Keeping pace jurisdictions. Rapid business growth, competitive intensity, M&A business growth and activity, global expansion, increasing product complexity complexity, raised customer expectations Attracting and Shortage of good talent in competitive markets, retaining talent especially in specialized areas or emerging Managing change geographies Dealing with people and organizational issues as new processes demand new methods of work Fear of compliance Fear of compliance failures despite best efforts, due failures and to human error or unanticipated events; identifying emerging risks and preparing for future risks 19
  • 21. Now Consider This Example: Nicole is an equity division manager in global bank The work day has barely begun Discovered that a recent spike in trading volume has jolted the firm’s trading platform resulting in a multitude of trade breaks and delayed executions She checks her e-mail and sees a barrage of requests to provide risk information to various departments Compliance department wants an urgent meeting to discuss its plan to conduct several business reviews during the year IT risk unit has sent a questionnaire on business continuity planning and data security Internal audit is asking to review its risk assessment of her business and agree to four audits of her group in the next 12 months How can Nicole effectively increase the top line if she is hampered by inefficient business processes? 20
  • 22. Risk Convergence – Streamlining Governance, Risk and Compliance (GRC) 21
  • 23. What Is Risk Convergence? Common framework to assess and monitor the organization’s risks: Reduce redundant risk management and control activities Eliminate duplication among business units Drive down costs 22
  • 24. Why Risk Convergence?? “It is not the strongest of the species that survives, nor the most intelligent, but the one most responsive to change.” — Charles Darwin 23
  • 25. Why Risk Convergence?? Standard & Poor’s, Moody’s and other credit-rating agencies measure an Enterprise Risk Management program as a lead risk indicator and a major scoring factor. Standard & Poor’s credit rating Challenging to determine management capability and capacity to manage risk Proposal to introduce enterprise risk management analysis into the corporate debt rating process 24
  • 26. Why Risk Convergence - Aligning to Your Business Drivers Keep Us Out of Trouble/Make the Business Better Maintaining strong ethical tone at the top Reputation and Brand Protecting and defending intellectual property Do our stakeholders rights have a favorable view? Managing customer and employee information, e.g., privacy concerns Organizing regulatory compliance/governance in an efficient manner Revenue and Asset and Market Share business Capital Management How does the How efficient organization grow? drivers is the organization? Entering new markets— Improving inventory and particularly emerging markets receivable management Prioritizing R&D spend to Earnings and Coordinating supply ultimately align with customer chain/lean manufacturing needs Operating Margins Integrating global processes How profitable is and IT systems Integrating large scale acquisitions the organization? Using finance arrangements Simplification of multi-element Maintaining gross margins through new to access new markets sales, e.g., software, product introductions hardware and services Improving operating margins Channel management Managing warranty terms and product returns Managing third-party contractor relationships 25
  • 27. Why Risk Convergence?? Mitigate risk Despite significant investments, compliance failures continue to represent a major threat – both monetary and reputational Streamlining risk and control operations reduces compliance gaps and enables more effective ongoing risk management Increase efficiency / reduce costs Streamlining risk and control programs and processes reduces the enormous time commitments and frustration levels throughout the organization, and ultimately will result in better cost management and control Support strategic decision-making Greater coordination and information sharing among corporate control units and business units provides senior management and board committees with more effective multi-dimensional risk information that supports decision-making 26
  • 28. State of Convergence: All organizations are underway with some form of convergence Terminology may vary, but all understand the concept of streamlining governance, risk and control processes Each organization is forging its own way, based on culture, business imperatives, appetite for change, and regulatory history Most are in the early stages and the majority of activities are driven by short-term objectives 27
  • 29. State of Convergence: There are no best practices There are some organizations that are fairly far down the path, however, no one considers themselves ‘converged’ Currently there are no best practices or established methodologies Most convergence activities are being led by the CFO, CRO, or the head of one or two functions 28
  • 30. State of Convergence: Efficiency is the primary driver of convergence Desire for greater efficiency is the main driver for risk convergence Reducing risk fatigue in the business units is considered but this has eased since the early SOX days Surprisingly, cost reduction is not a major driver 29
  • 31. State of Convergence: Convergence is evolutionary not revolutionary Most organizations are addressing convergence in incremental stages The appetite for a massive enterprise transformation is low 30
  • 32. State of Convergence: People issues are the primary barriers to convergence Overcoming people’s natural resistance to, and fear of, change is the biggest obstacle to convergence • “People don’t like converging. In their minds it tends to dilute their efforts. If it is a significant risk to them, they want and demand the resources to deal with it.” - CRO, Commercial Bank 31
  • 33. State of Convergence: Convergence is creating a need for more senior talent. As convergence initiatives begin to reduce redundancies and inefficiencies, organizations are finding that they need more senior talent and less junior staff. This represents a major shift in the skill base and exacerbates the shortage of talent in the industry.
  • 34. Stages of Risk Convergence
  • 35. The Path to Convergence: While there is not one clear approach to convergence, companies are following somewhat similar paths. [Diagram: steps of increasing sophistication. Phases: Coordination Phase, Alignment Phase, Integration Phase, Implementation. Milestones shown: Vision defined; Owner identified and committee formed; Groups interacting; Redundancies being addressed; Reporting streamlined; Methodologies aligned; Roles and responsibilities redefined; Technology options implemented; Convergence institutionalized.]
  • 36. The Path to Convergence: Most respondents are in “Coordination Phase”. [Diagram: phases of convergence by increasing sophistication: Coordination Phase, Alignment Phase, Integration Phase, Implementation.]
  • 37. The Path to Convergence: As organizations make progress in reducing redundancy, they begin to tackle more difficult aspects of efficiency improvement. [Diagram: phases of convergence by increasing sophistication: Coordination Phase, Alignment Phase, Integration Phase, Implementation.]
  • 38. The Path to Convergence: Even for those furthest along the convergence path, redefining roles, implementing new technologies, and embedding new practices remains a goal. [Diagram: phases of convergence by increasing sophistication: Coordination Phase, Alignment Phase, Integration Phase, Implementation.]
  • 39. Risk Convergence Evolution - A Fresh Look at the “Internal Controls”. Effective internal control environment means: The company is working and performing well. Communicates performance to capital markets and investors in a transparent manner. Note: Transparency and certainty over risk and internal controls in strategic, operational and financial reporting areas. Management understands major risks and has processes in place to address/mitigate these risks. Changing perception of Internal Controls: From being viewed as “burdensome” to “strategic information” for driving business decisions.
  • 40. Do the current internal controls investments provide the following business benefits?
  • 41. Aligning Internal Control Investment with Risk Assessment: How frequently does the company conduct an enterprise risk assessment?
  • 42. What is the focus of the risk assessment?
  • 43. Room for improvement? How effective are internal controls over the following financial reporting areas?
  • 44. How effective are internal controls over the following business and operational areas?
  • 45. How effective are internal controls over the following information technology areas?
  • 46. Where are Leading Companies Investing? What are the key business drivers justifying future investments to strengthen internal controls?
  • 47. Better Understanding of Major Risk Areas: What is the impact and probability of your top strategic risks? Key Strategic Risks: Inefficient management of contract manufacturer relationship (e.g. lead times, variance accounting, etc.); Inefficient JIT inventory management (e.g. balancing with customer demand); Delays in new product development; Uncertainty due to increased off-shoring and business process outsourcing; International expansion/emerging market penetration; Intense competition in mature product lines; Price/gross margin erosion; Cost/operating expense management; Intellectual property protection and defense; Large scale mergers and acquisitions; Multi-element sales contract simplification and revenue recognition. Impact scale: Major = Loss of ability to achieve any strategic objectives (worst case); Significant = Significantly reduced ability to achieve all strategic objectives; Moderate = Disruption to achievement of one strategic objective and reduced ability to conduct normal operations; Minor = Minimal disruption to one strategic objective and some impact on ability to conduct normal operations; Insignificant = No impact on strategic objectives and only limited disruption to normal operations. Probability scale: Remote = less than 10% chance of occurrence; Unlikely = between 11 - 20% chance of occurrence; Likely = between 21-50% chance of occurrence; Highly Likely = between 51-75% chance of occurrence; Expected = over 75% chance of occurrence.
  • 48. Making the Business Better: Investing in a Comprehensive Control Environment. [Diagram: control initiatives plotted from cost to investment against the levels compliance, financial, operations efficiency and strategic value. Initiatives shown: Controls Automation & Continuous Controls Monitoring; Process & Controls Improvement; Top-Down Risk Assessment & Scoping; Risk Convergence - Consistent Risk & Control Framework; Risk Based Testing & Evaluation; Optimization & Standardization of Controls; Coverage of Fraud Risk & Controls; Leveraging Monitoring Controls.]
  • 49. Maximizing The Role of IT in Compliance Management Enterprise Risk IT Integration; Continuous Controls Monitoring / Controls Automation; Segregation of Duties; Change Management; Super User Access Rights – Identity and Access Management; Application Controls; Tools and Technologies – Seamless integration of disparate sources of information; Sophisticated Data Analytics.
  • 50. Continuous Controls Monitoring: Another strategy for improving efficiency using IT. Automates the monitoring of financial and operational controls at the entity and transaction levels. Maximizing the full capabilities of the IT investment to control the flow of transactions and significantly leveraging these capabilities for the operating effectiveness of internal controls. Focused on application controls, segregation of duties, transactional data analysis, and IT general controls.
  • 51. How do Companies Assess? In the Past…: Point in Time Audits; Reactive; Random; Sampling; Generic. Moving Forward…: Continuous; Proactive; Comprehensive; Integrated; Business Specific. [Chart: business risk (low to high) over time, contrasting repeated audits with continuous monitoring.]
  • 52. Leading IT Practices in Successful Organizations: Three overarching principles seen in successful organizations. Risk Management: Manage the risk of IT. Leverage IT investments to reduce other risks that organization may face. Cost Rationalization: Rationalize the cost of IT. Leverage IT investments to rationalize costs elsewhere in the organization. Value Creation: Increase the strategic and operational value being created for the business by IT.
  • 53. View ODS Function Best/Leading Practices
  • 54. Leading IT Practices in Successful Organizations: Four distinct traits seen in successful organizations. 1. Strategic Alignment: Viewing IT as strategic commitment vs. a utility activity. Viewing IT functions as technological framework which coordinates information, decision making, management and strategy. Achieved through executive sponsorship and linking IT to major processes and initiatives.
  • 55. Leading IT Practices in Successful Organizations: Four distinct traits seen in successful organizations. 2. Effective Governance: Achieve formal implementation of IT Governance. Representation at Board of Directors meeting. Achieved through risk and resource management, board attention, use of leading standards.
  • 56. Leading IT Practices in Successful Organizations: Four distinct traits seen in successful organizations. 3. Efficient Operations: Strategically utilize IT for revenue generating and cost saving objectives. This may include consolidating/standardizing IT functions. Achieved through revenue generating enhancements, reduction in service delivery costs, strategic and planned approach to IT function. 4. Measured Performance: Facilitating strong realization of company’s performance through reporting/assessments.