There have been a lot of interesting discussions and experiences in 2010, related to the topic(s) of Performance, Risk and Compliance.
We thought we would share them with you, in no particular order:
(Full story in the Consider-ation blog) http://consider-ations.blogspot.com/
1) Risk - Are we getting the right balance?
There is a lot of talk and discussion on risk, risk management and ERM these days. We talk about risk mitigation, risk reduction, risk avoidance etc. But risk in business is a good thing. In fact, business would not exist without risk and there would be no markets and no innovation. There is no performance without risk. There is a lovely, thought-provoking short article on this at: http://www.managementtoday.co.uk/features/1042678/Dont-believe-it-Risk-bad-thing/
2) The CFO Agenda and relationship to Performance, Risk & Compliance
We can really recommend a book by Jeremy Hope entitled 'Reinventing the CFO', where he challenges some long-held assumptions about planning, budgeting and forecasting as well as the role of the finance function as a real business partner. You can watch this YouTube interview with the author: http://www.youtube.com/watch?v=xTzCCYT9tqk
3) The 'GRC' term, eGRC, CCM et al - what is the difference?
Rightly or wrongly, the 'GRC' term relates to technology in most people's minds. Whilst organisations like OCEG are trying to define a broad-based definition, perhaps too broad, I am constantly meeting organisations who tell me they want to 'do GRC'....
4) Evolution of Continuous Controls Monitoring and some great case studies of making it work in practice.
5) Anti-Corruption and FCPA - keeps coming up!
Despite FCPA being a US regulation, it reaches far beyond US companies as Daimler, MAN and BAe Systems can attest...
6) Segregation of Duties - Evolution of SoD and my dentist . . .
Yes, an odd thought, I know. We all understand the concept of conflict of interest where money or items of value are concerned....
7) Preventive vs. Detective controls - what is the right balance?
Automated, embedded configuration controls in systems such as ERP are very important and should be used to an appropriate level for the business. But every preventive control has 'workarounds' and, because they are complex, they are not always set where management think they are....
8) Independence of control testing, prevention and detection - independent or ERP embedded?
It is clear that wherever possible, preventive process controls should be implemented in the appropriate business process in the ERP system using configuration settings/tools in that system.
Detective monitoring, however, is a different animal......
9) Making my guitar - performance, risk and compliance in practice?
I spent 3 weeks in the summer building a guitar from two blocks of mahogany wood on a beautiful Mediterranean island in the summer. I found that if you really want the outcome, you tend to focus on the process. It worked.....
10) What does 2011 hold in store?
Despite the dire economic conditions of 2008-2009, 2010 has definitely turned the corner. Obviously, different countries and economies are faring to different degrees. I think we will see a few things in 2011:
- Compliance issues will remain important for organisations
- Growing focus on business performance and risk balance
- Continued adoption of Continuous Monitoring, both stimulated by FCPA and other compliance issues as well as driven by Finance Transformation/harmonisation initiatives
IT organisations will continue to be left with the 'controls issue' in some organisations, although it is not their responsibility or expertise.
We will continue to help these organisations drive better dialogue and education between all stakeholders. For the organisations where that exists already, we have an even better foundation to drive improved business performance, optimised risk and effective and efficient compliance.
WANT MORE INSIGHT?
Follow some of our thoughts and news to get a genuine view on risk, controls, compliance and business performance improvement.