Home >Documents >COST-EFFICIENT RISK MANAGEMENT LEVERAGES AUTOMATION … · 2 I COST-EFFICIENT RISK MANAGEMENT...

COST-EFFICIENT RISK MANAGEMENT LEVERAGES AUTOMATION … · 2 I COST-EFFICIENT RISK MANAGEMENT...

Date post:22-May-2020
Category:
View:0 times
Download:0 times
Share this document with a friend
Transcript:
  • COST-EFFICIENT RISK MANAGEMENT

    LEVERAGES AUTOMATION AND RISK-INTELLIGENT STRATEGIES

    TRANSFORMING COMPLIANCE TO KEEP PACE WITH AN AGILE AGENDA

  • 2 I COST-EFFICIENT RISK MANAGEMENT LEVERAGES AUTOMATION AND RISK-INTELLIGENT STRATEGIES

    While governance, risk and compliance

    (GRC) is not always top of mind as

    companies look to adopt an agile

    business framework, being able to quickly

    address change is a GRC threshold that is

    increasingly critical for businesses to excel

    in a dynamic competitive marketplace.

    Modern organizations recognize the need

    to focus on cost-efficient GRC compliance,

    but many are falling short. Fewer than

    half (48%) of internal audit departments

    identify and monitor key risk indicators

    (KRIs), according to a report from Institute

    of Internal Auditors (IIA) report.1

    Whether it’s the ability to predict emerging

    risks, adapt to changing regulations and

    business models, or execute automated

    approaches, an agile GRC platform is

    crucial to addressing the needs of the

    business as a whole.

    A lack of automation can hamper GRC

    leaders from developing a longer-term

    vision for establishing and adjusting

    organizational strategies as business and

    regulations warrant. “Organizations need to

    institute rock-solid compliance processes

    that will keep them from running afoul

    of regulators. True GRC transformation

    goes beyond simply checking off boxes

    to be sure the company is compliant,”

    stated Vikas Gopal, Global Managing

    Partner, Finance and Shared Services

    Transformation, TCS.

    “ ORGANIZATIONS NEED TO INSTITUTE ROCK-SOLID COMPLIANCE PROCESSES THAT WILL KEEP THEM FROM RUNNING AFOUL OF REGULATORS. TRUE GRC TRANSFORMATION GOES BEYOND SIMPLY CHECKING OFF BOXES TO BE SURE THE COMPANY IS COMPLIANT.”

    —VIKAS GOPAL, GLOBAL MANAGING PARTNER,

    FINANCE AND SHARED SERVICES TRANSFORMATION, TCS

    This white paper will address some of the challenges in integrating GRC into

    an agile agenda, the benefits of a holistic approach to GRC transformation and

    technology enablement, and best practices for implementation.

    1. North American Pulse of Internal Audit: Defining Alignment in a Dynamic Risk Landscape

    http://theiia.mkt5790.com/2019_Pulse_of_Internal_Audit/

  • 3 I COST-EFFICIENT RISK MANAGEMENT LEVERAGES AUTOMATION AND RISK-INTELLIGENT STRATEGIES

    GRC data is often trapped in a silo, making

    it difficult to manage and leverage risk and

    compliance data for business intelligence.

    Various departments and business units

    are using manual tools and processes to

    manage risk-related activities, which put the

    organization at a distinct disadvantage.

    Even when GRC processes are automated

    to a degree, the tools are not being used to

    their full potential. Artificial intelligence (AI),

    machine learning, robotics and blockchain are

    still being relegated to transactional processes.

    AI in particular can be extremely valuable

    when dealing with unstructured data such as

    contracts, emails and other business documents

    that are critical to capture when mitigating risk.

    Beyond the technical challenges, poor change

    management processes, and a lack of education

    and subpar communication cause people to be

    resistant.

    In a related challenge, often the wrong people

    are involved in the process. To further hinder

    progress, the stakeholders who need to provide

    input — including procurement and cyber

    security — are often on the sidelines.

    CURRENT CHALLENGES OF MANAGING GRC PROCESSES

  • 4 I COST-EFFICIENT RISK MANAGEMENT LEVERAGES AUTOMATION AND RISK-INTELLIGENT STRATEGIES

    Optimized and synchronized digital and human

    workers drive down operating cost. Automation

    alone won’t solve GRC issues, but humans and

    digital workers can team up to free human

    workers to focus on strategic initiatives around

    compliance, such as new GRC business models.

    “The key is to digitalize as much as possible so that

    human workers can spend more time on growth

    activities and less time on activities that can be

    automated,” said Patrizia Wood, Global Lead of the

    Risk Advisory Practice at TCS.

    HOW AUTOMATION BENEFITS GCR

    “ THE KEY IS TO DIGITALIZE AS MUCH AS POSSIBLE SO THAT HUMAN WORKERS CAN SPEND MORE TIME ON GROWTH ACTIVITIE AND LESS TIME ON ACTIVITIES THAT CAN BE AUTOMATED.”

    —PATRIZIA WOOD, GLOBAL LEAD OF THE RISK

    ADVISORY PRACTICE, TCS

  • 5 I COST-EFFICIENT RISK MANAGEMENT LEVERAGES AUTOMATION AND RISK-INTELLIGENT STRATEGIES

    Modern risk-intelligent strategies are

    designed to contribute to top line growth

    and working capital optimization. The risk

    of non-compliance can be costly both in

    terms of fines and reputation. Avoiding

    fines is a key objective of compliance,

    but the financial hits don’t stop there.

    Bad press regarding risk and compliance

    missteps can impact relationships with

    stakeholders, investors, and vendors.

    Reliable predictive insights are needed

    to support C-suite decision-making and

    help move from responsive to predictive

    analytics. GRC activities are often viewed as

    a reactionary function, as in the past it has

    involved responding to audits rather than

    avoiding regulatory scrutiny in the first place.

    Leveraging robotics, quality data, and

    intelligent agents permits greater volume of

    control testing and audit scope, providing

    greater assurance to stakeholders. This

    frees up the staff to focus on more

    strategic initiatives to improve processes

    and ensure compliance.

    The ability to bolster compliance

    readiness was a key benefit realized

    by a Canadian bank looking to comply

    with the Sarbanes-Oxley Act for its U.S.

    operations. The organization needed to

    assess the effectiveness of the internal

    controls for design and operations

    readiness. The bank was able to

    standardize and centralize its compliance

    processes and achieve improvements

    through the deployment of tools.

    In the case of a U.S.-based firm providing

    depository services to banks, mortgage

    and insurance companies, they were facing

    a lack of operational effectiveness and

    processes regarding mandatory compliance

    with Regulation Systems Compliance and

    Integrity (Regulation SCI). Regulation SCI is

    a set of rules created by the United States

    Securities and Exchange Commission

    to monitor the security and capabilities

    of U.S. securities markets’ technological

    infrastructure. By automating compliance,

    the firm was able to identify gaps with

    respect to Regulation SCI controls. This

    resulted in a successful regulatory exam

    with no findings. Other benefits included

    process improvement through deployment

    of tools, identification of automation

    opportunities and operational cost savings.

    LEVERAGING ROBOTICS, QUALITY DATA, AND INTELLIGENT AGENTS PERMITS GREATER VOLUME OF CONTROL TESTING AND AUDIT SCOPE, PROVIDING GREATER ASSURANCE TO STAKEHOLDERS.

  • 6 I COST-EFFICIENT RISK MANAGEMENT LEVERAGES AUTOMATION AND RISK-INTELLIGENT STRATEGIES

    When an organization determines that their

    current GRC processes need to be revamped,

    the CEO and CFO — who is typically charged

    with mitigating risk — naturally need to be

    involved. Successful transformation should

    include all relevant business leaders.

    As with all transformations, it is critical that the

    GRC initiatives deliver value. The project scope

    must adhere to a set of metrics that are be

    delivered. In addition, those values must be clearly

    articulated from the outset so that all stakeholders

    understand the goals of the GRC transformation.

    There must also be a clear plan for imagining

    or reimagining GRC strategy, operations, and

    technology enablement. They must be viewed in

    a holistic fashion.

    Applying the latest approaches to data manage-

    ment and the use of data helps move from

    responsive to predictive analytics and insights.

    The plan should focus on providing efficient

    and reliable GRC operations. Robotic tools are

    uniquely positioned to deliver speed, volume, and

    consistency of process, rules, and control execution.

    Designing an integrated and intelligent

    architecture will serve as the framework for

    an agile GRC process. Cloud-based, mobile,

    and hybrid architectures leverage the best

    capabilities of machine learning, API strategy,

    and intelligence to achieve targeted GRC

    technology enablement maturity. Robotics,

    quality data, and intelligent agents support

    a greater volume of control

    testing and audit scope,

    providing greater assurance

    to stakeholders.

    Finally, change management

    processes can help ensure

    that the move toward an

    agile GRC process isn’t

    disruptive and achieves

    widespread adoption. It

    is important to track the

    affects of cultural and

    operational change to

    maximize transformation

    acceptance and ROI.

    BEST PRACTICES TO DRIVE AN AGILE GRC PROCESS

    AS WITH ALL TRANSFORMATIONS, IT IS CRITICAL THAT THE GRC INITIATIVES DELIVER VALUE.

    IT IS IMPORTANT TO TRACK THE AFFECTS OF CULTURAL AND OPERATIONAL CHANGE TO MAXIMIZE TRANSFORMATION ACCEPTANCE AND ROI.

  • 7 I COST-EFFICIENT RISK MANAGEMENT LEVERAGES AUTOMATION AND RISK-INTELLIGENT STRATEGIES

    GRC leaders need insights that allow them to play an integral role in establishing and adapting

    organizational strategy. Predictive analytics help with anticipating risks, understanding impacts,

    adapting programs to embrace enlarging risk appetites, and maintaining stakeholder confidence.

    Critically, strategically focused programs demonstrate a level of maturity that gains the confidence

    of regulators’ confidence, which results in minimizing the financial costs of ongoing supervision,

    fines and penalties.

    GRC leaders must respond dynamically to continually changing market conditions and business

    priorities. An agile framework integrating internal and third-party digital and human workers into

    seamless operating models, is essential to success.

    CLOSING THOUGHTS

    ABOUT THE SPONSOR

    Tata Consultancy Services is an IT services, consulting and business solutions organization that has been partnering with many of the world’s largest businesses in their transformation journeys for the past fifty years. TCS offers a consulting-led, cognitive-powered, integrated portfolio of business, technology and engineering services and solutions. This is delivered through its unique Location Independent Agile delivery model, recognized as a benchmark of excellence in software development.

    For more information, visit www.tcs.com.

    http://www.tcs.com
of 7/7
COST-EFFICIENT RISK MANAGEMENT LEVERAGES AUTOMATION AND RISK-INTELLIGENT STRATEGIES TRANSFORMING COMPLIANCE TO KEEP PACE WITH AN AGILE AGENDA
Embed Size (px)
Recommended