Continuous Controls Monitoring, Transaction Monitoring and Data Analytics are all related terms for techniques that help assure the operation of core business processes and identify exceptions to policy or expected norms to help drive incremental improvement. Some organisations have had great success with these approaches and driven substantial benefits, but the majority of organisations still struggle to build a sufficiently robust plan and business case to get executive buy-in. This is, in part, due to the fact that transactional data analytics have multiple applications in the areas of risk management, compliance, control and process improvement.
So what is the way forward?
Awareness of significant exceptions in the execution of business processes is key to managing risk, assuring the effectiveness of internal controls, assuring compliance and identifying opportunities for process improvement. Continuously monitoring what’s happening in the business at a detailed level and having timely notification of deviations from the regular path means management have substantive evidence to take corrective action. This is as valid for control or policy exceptions as it is for effort- and cost-sapping process efficiency breakdowns.
It is a common misconception that the implementation of best in class ‘machinery’ such as a new Enterprise Resource Management (ERP) system negates the need to such analytics. Even the best machines in the world need to be monitored for potential control failure and to ensure optimal operation. Business processes are no different.
Key processes such as Procure to Pay, Order to Cash, Record to Report and Human Capital Management are typically supported and automated through use of IT systems such as ERP. All transactions are recorded in a database representing a ‘bread-crumb trail’ of business activity. Automated approaches can be used to monitor and alert for anomalies in the data that represent anomalies in the execution of the underlying business process.
Ultimately the goal is to identify, in areas where it matters most, the difference between ‘what is meant to happen’ and ‘what actually happens’.
Business processes are complex, transaction volumes can be very substantial, exception criteria are often difficult to nail down and specific roles and responsibilities are needed for the management of the monitoring process itself. Many initiatives to implement transaction monitoring have failed due to insufficient consideration of all elements needed to achieve success. Often the primary focus is on implementing a tool. A tool is needed but without due consideration for the end to end process, oversight, clear focus on business outcome and related analytic targets, a practical implementation plan, the tool alone will not deliver the desired value and the initiative will become peripheral or fall into disuse. As the saying goes ‘a fool with a tool is still a fool!’.
A considered assessment and a practical plan aligned to the organisation is needed to ensure a transaction monitoring approach is implemented in a way to deliver the desired value.
The key business drivers for such an assessment typically fall into 4 categories:
Such an approach needs to:
Key steps in such an assessment and planning process are as follows:
The plan should include a business case for any agreed streams of activity. The Case for Action – the essence of the Business Case needs to consider the following elements:
Experience suggests that potential stakeholders across the organisation can have wildly different perceptions of the current state of performance monitoring and control, different vested interests and different beliefs on what ‘must be done’ and even different semantic understanding of the terms used.
Recent such engagements that Consider Solutions have performed show that one of the biggest benefits of such an assessment and planning exercise is gaining consensus on the issues and potential for addressing them. This is achieved, in part, by education and the sharing of clear examples from other organisations, and through an independent business-focussed approach to facilitation that has no vested interest in the outcome. By exploring objectives, targets and specific business outcomes required, the process landscape and priority areas for better management insight become clear.
Ultimately, this assessment and planning process must be led by that rarest of species, a business focused, process oriented risk and performance specialist, with a strong understanding of the capabilities and constraints of IT systems.
Isn’t this just ‘Business Intelligence’, I hear you ask?
This is a form of business intelligence focused on exceptions, and whilst it is common sense, it is not yet common practice for all organisations.
Thanks for reading. . .