Integrity-Driven Performance. New Strategy for ... - GRC Resource

More documents

Recommendations

Info

The Emerging Role of Technology: Enabling GRCAt an advanced level of deployment, technology can be likened to a central nervous system forthe organisation – the means to ascertain, in real time, that risk is being managed and eventsare being acted upon. Organisations that achieve a real-time risk management, compliance andmonitoring environment enable the application of policies and standards at the time businessprocesses are executed. For compliance to be truly effective it must be not incremental, butintegral to business processes – the essence of real-time risk and compliance. Figure III-7 showsan example of real-time risk and compliance concepts applied to a business process.Figure III-7: The Essence of Real-Time GRCREAL-TIME GRC EXAMPLEContract Pricing Policy:• Volume Discounts: Up to 49,999 units – $.10; 50,000 to 99,999 – $.08; 100,000+ – $.06.• Salespeople must submit volume estimate with initial contract.• Overstatements of volume by 20% or more trigger contract provisions and penaltiesfor salespeople.CURRENT PROCESSThe process works well from a financial controls perspective – sales orders are taken,goods shipped, payments collected but sales order volume is never checked againstcontract volume and policies are not enforced, resulting in lost revenue.ContractNegotiatedContractManagementSystemSales OrdersShippingCRM/ERP SystemAccountsReceivableREAL-TIME GRC ENVIRONMENTFUTURE PROCESS(Real-Time Enabled)Contract Validation 1Contract compared to prior yearvolume. Variances >25% fromprior year volume (for existingcustomer) or volume inconsistentwith customer revenue base sentto salesperson via workflow forvalidation/justification.Contract Validation 2Assess prorated contract volumeagainst actual volume on a periodicbasis for each customer. Variances>20% are reviewed by contractmanagement and consultationwith salesperson is held.Leveraging a real-time GRC environment, the policies are actively enforcedthrough cross-system validation of information against predefined businessrules. The benefits include consistent policy enforcement, revenue assurance,sales force education, and the enablement of full life-cycle contract management.32
Other characteristics of a robust enabling technology environment include:• Risk and compliance obligations are actively assessed and managed. The process ofaddressing risk and compliance obligations and ensuring new requirements is integratedinto the existing business environment and is actively managed. As new obligations areidentified, they are assigned to appropriate personnel for assessment, planning and action.A consistent process is applied to create, approve and update policies and procedures.The linkage between obligations, policies and procedures/controls is enabled to facilitateanalysis and reporting (e.g., the ability to determine which policies and procedures helpaddress privacy obligations).• Issues and incidents arising from non-compliance are actively identified, monitored andreported. Policies and procedures are applied, and events are identified and raised foraction. Capabilities within existing systems are optimised to identify events (e.g., EnterpriseResource Planning [ERP] applications are better leveraged for improved controls and exceptionreporting capability). Integration technologies are used to bring together information fromdisparate source systems in order to identify events. Technology is used to administer andmonitor risk control self-assessments and other surveys.• Accountability is built into the management and reporting of events. Business processmanagement and business rules engine technologies help ensure action by creating a “closedloop” environment. Traditional reporting is an “open loop” system – providing informationbut not requiring that action be taken. A “closed loop” environment assigns ownership andaccountability to each issue and incident, ensuring that action is taken.• Better information, more quickly delivered. From process metrics to key performanceindicators, information is available to all levels of the organisation in accordance withpre-defined information flows. Business intelligence technologies are leveraged to allowfor visualisation and analysis.33
Page 6 and 7: Governance Reforms: A Snapshot of R
Page 8 and 9: Through our research and client wor
Page 10 and 11: An integrated approach to GRC prope
Page 12 and 13: As shown in Figure II-2, a new visi
Page 14 and 15: In our view, a leading GRC capabili
Page 16 and 17: Integrating GRC into Core Business
Page 18 and 19: Interestingly, many of the technolo
Page 20 and 21: PricewaterhouseCoopers developed th
Page 22 and 23: • The organisation deploys proces
Page 24 and 25: Governance ProcessesIn order to exe
Page 26 and 27: Successful GRC Process IntegrationG
Page 28 and 29: GRC performance enables greater bus
Page 30 and 31: Cost ManagementThe term “Total Co
Page 32 and 33: Organisations face an abundance of
Page 36 and 37: Interestingly, in many organisation
Page 38 and 39: IV. The Governance, Risk & Complian
Page 40 and 41: The GRC Operating Model is both sca
Page 42 and 43: Envision Performance Driven by Inte
Page 44 and 45: Improve and Measure SuccessDevelop,
Page 46 and 47: The GRC Operating Model promotes op
Page 48 and 49: Implementing a sustainable reportin
Page 50 and 51: Appendix: Governance, Risk and Comp
Page 52: www.pwc.com/governance© 2004 Price

Integrity-Driven Performance. New Strategy for ... - GRC Resource

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?