Governance, Risk & Compliance +
Burgeoning write offs due to subprime crisis, which has taken toll of US $380 billion across globe as of May 2008 (citation), has weakened the financial services sector sentiment in multi-fold. It has questioned the resilience of US economy against all odds, has butchered the rating agency pricing model and above all, has put forward many questions to executives in financia services sector, especially on their tenacity to handle enterprise risk management. Post-mortem, analysis, tug-of-war between various entities are inevitable at such loss, but the biggest question is - how to resurrect from this financial catastrophy. That's a tough question. In this near recession environment, it's not just the governance revitalization or risk & compliance (GRC) that matters, but to me a holistic and integrated approach to several organizational processes are mandated to make sure all strategic decisions at this stage have been evaluated on necessary inputs.To me there are four areas, which stand out, are to be analyzed in a coordinated manner- Customer Service, Technology effectiveness, GRC and product/service innovation. It is the effective integrated analysis of these processes which will decide the fate of strategic decisioning in this turbulent market. I would like to elaborate more on the above point since there are so called contemporary academia who will question my revolutionary thoughts and turn back and ask me "Why".
The answer is within those four processes. Let's look at GRC- this signifies the processes which upholds the intenal management of the organization, finacial integrity, disclosure and investor management. Now the point is - can GRC strategy be stand alone without the backing of other strategic areas like customer relation, product/service innovation and the technology infrastructure. Market expects organization to have a strategy which is fool-proof and will work under current dismissive undercurrent of recession. We can clearly see the headache of executive while taking any strategic decision at this stage- "What can be done to improve the firm performance? Which are the areas need reinforced approach? How to get a winning strategy and where to keep our eye on?" This is where the significance of mentioned four processes comes. Excellent customer relation is the prime target area, so also the smartness of the firm to understand client better and innovate better products/services and apart from these, there has to have technology infrastructure which will help automate the processes for better client satisfaction and organizational efficiency. There you go the answer. I am the decision maker and my industry is in deep soup due to uncalled for market situation, what is the option before me. I should make sure the governance structure is client centric, has an environment which never buckles to convert client expectation to new product /service and above all, has the amunition which helps promulgating process automation and better efficiency. That's what I want. So, where we landed up then. We came back to very conjecture that these four processes have tremendous inter-relationship, synergy and they are of strategic importance and need be examined in integration.
GRC- The process which will ensure effective governance, risk culture and stakeholder relation.
Customer Service- the most important parameter in organizational growth and market performance.
Product/Service Innovation- This linked to customer expectation
Technology effectiveness- This is the backbone to ensure above three work in tandem and effectively;most impotantly, technology use is no more tactical, it has strategic significance.It's just not the use of technology, but the effective use is what matters most.
So, what we need is the proper analysis of above four processes and their data analytics.These analytics are what acts like strategic inputs in executive decisioning. This topic is very close to me and I had the privilege to debate this with many industry experts and academia. Initial reaction always was "why should they", but when you elaborate further, they nod their head in affirmative. Under above background, I also like to reiterate my article recently published in DMReview on similar background, please visit here. Going forward, I would like to discuss more about the challenges ploughing back this thought process to action.
Comments
Hi Suvendu,
I do not have any disagreement with your suggested approach; however, I would like to ask one question, "Why the governance was seen in isolation?".
I have reason for asking this question; as per my understanding, a governance is a three step process, wherein, you define, "WHAT", "HOW", and "WHO", i.e. the WORK that needs to be governed, the details, as how those work units would be governed, and finally, WHO would govern those? That is, the stakeholders, interests, benefits, and responsibilities and empowerment map / matrix, i.e. the composition of governing body / council.
Therefore, if you try defining the governance from this perspective, you would appreciate that "Risk Management", "Operations Management", "HR Stewardship", "Financial Stewardship", "Client Satisfaction" etc. are integral parameters of governance. If that were the case, the gap lies in understanding of "governance", and hence, its implementation.
Regards,
Shyam
Posted by: Shyam Singhal | June 9, 2008 5:52 AM
Hi Shyam,
Thanks for your comment.
Absolutely, there is no doubt that governace is not an isolated entity. It is the core of all process orchestration. However, let's appreciate the recent turmoil in financial services industry and under that backdrop, we have to figure out HOW, WHAT went wrong. Governance, risk and compliance (GRC) remains and will remain the core entity deciding the strategic initiative. However, when we analyze the present market turmoil, it was apparent that there is a disconnect between the goal GRC had set and the way other important processes responding to that- i.e. customer service, product / service innovation and technology effectiveness. You are right- this could be bad governance or gap in the governance process implementation etc.The whole idea is to bring the GRC process attributes close to those of customer service, product / service innovation and technology effectiveness and analyze. This coordinated analysis will be a better balm for strategic decisioning. My perspective is not questioning the core of governance, but it's proposing to look at governace with other three mentioned important process attributes for superior decisioning and better goal setting in this near-recession market. Hope, this clarifies.
rgds
Suvendu
Posted by: Suvendu Samantaray | June 9, 2008 11:05 PM
I would also like to inform you some more about IT Governance and Compliance.
IT governance, risk and compliance (IT GRC) is about striking an appropriate balance between business reward and risk. The maturity of IT GRC practices for managing reward and risk has a direct impact on the organization. IT GRC encompasses the practices for delivering: Greater business value from IT strategy, investment and alignment, Significantly reduced business and financial risk from the use of IT, and Conformance with policies of the organization and its external legal and regulatory compliance mandates. IT GRC energizes the entire organization to imagine what it can achieve, establishes methods for achieving their objectives, and demonstrates the practices that are proven to work for minimizing business and financial risk. Fundamentally, IT GRC is about striking an appropriate balance between business reward and risk, enabling an organization to more effectively anticipate and manage business risk while more effectively delivering value for the organization.
Posted by: Jack | July 18, 2008 6:29 AM
Thanks Jack for bringing up the topic on IT GRC- an area close to my research interest.
To me, IT GRC falls under the enterprise GRC functions, but it has its added significance and roles to play in order to ensure enterprise GRC runs effectively and at the same time, the ambience of IT GRC is also robust.
To summarize, I can see two roles when we mention IT vis-à-vis Enterprise GRC:-
1. Providing Consistent, Sustainable, Scalable platform for Enterprise GRC
This helps collaborating, disseminating information, policies, predictive GRC analytics and reporting. In order to have consistent, transparent and efficient GRC functions, a technology driven infrastructure is a must for organizations who want to see greater value emanating from GRC investment.
2. Manage IT GRC activities
This has already been well articulated by you. It is not only important to align the IT actions with business strategy & objectives, but also important for IT to manage its own aspects of GRC – IT controls, privacy, information security, information risk, business continuity, disaster management. Some of Infosys offerings in this area can also be appreciated in following link
Information Risk Management.
In my previous deliberations, I always had greatest regard to IT function and its evolving significance in strategic decisioning. The challenge would be to create meaningful analytics of enterprise IT function and bring those closure to GRC intelligence, customer service and product/service innovation. I would look forward to greater dialogue in this regard from your side.
Thanks
Suvendu
Posted by: Suvendu | July 23, 2008 3:00 PM
A very valid futuristic and significant area which enables the business to exist, govern and comply with all statutory requirements so that it can create more money. Can a person with more than 8 year experience in internal audit kaizen, Balance Score card/capital budgeting and Statutory compliance and Corporate Governance feed the top management with effective suggest to keep the entity going....Can a BBM+MCA+ACS+CA(intermediate) with 9 year experience in risk management and corporate governance & statutory compliance enable your esteemed organisation to exist and take a giant leap into future....
Posted by: R.Ravi | November 21, 2010 3:24 PM