COST-EFFICIENT RISK MANAGEMENT
LEVERAGES AUTOMATION AND RISK-INTELLIGENT STRATEGIES
TRANSFORMING COMPLIANCE TO KEEP PACE WITH AN AGILE AGENDA
2 I COST-EFFICIENT RISK MANAGEMENT LEVERAGES AUTOMATION AND RISK-INTELLIGENT STRATEGIES
While governance, risk and compliance
(GRC) is not always top of mind as
companies look to adopt an agile
business framework, being able to quickly
address change is a GRC threshold that is
increasingly critical for businesses to excel
in a dynamic competitive marketplace.
Modern organizations recognize the need
to focus on cost-efficient GRC compliance,
but many are falling short. Fewer than
half (48%) of internal audit departments
identify and monitor key risk indicators
(KRIs), according to a report from Institute
of Internal Auditors (IIA) report.1
Whether it’s the ability to predict emerging
risks, adapt to changing regulations and
business models, or execute automated
approaches, an agile GRC platform is
crucial to addressing the needs of the
business as a whole.
A lack of automation can hamper GRC
leaders from developing a longer-term
vision for establishing and adjusting
organizational strategies as business and
regulations warrant. “Organizations need to
institute rock-solid compliance processes
that will keep them from running afoul
of regulators. True GRC transformation
goes beyond simply checking off boxes
to be sure the company is compliant,”
stated Vikas Gopal, Global Managing
Partner, Finance and Shared Services
Transformation, TCS.
“ ORGANIZATIONS NEED TO INSTITUTE ROCK-SOLID COMPLIANCE PROCESSES THAT WILL KEEP THEM FROM RUNNING AFOUL OF REGULATORS. TRUE GRC TRANSFORMATION GOES BEYOND SIMPLY CHECKING OFF BOXES TO BE SURE THE COMPANY IS COMPLIANT.”
—VIKAS GOPAL, GLOBAL MANAGING PARTNER,
FINANCE AND SHARED SERVICES TRANSFORMATION, TCS
This white paper will address some of the challenges in integrating GRC into
an agile agenda, the benefits of a holistic approach to GRC transformation and
technology enablement, and best practices for implementation.
1. North American Pulse of Internal Audit: Defining Alignment in a Dynamic Risk Landscape
3 I COST-EFFICIENT RISK MANAGEMENT LEVERAGES AUTOMATION AND RISK-INTELLIGENT STRATEGIES
GRC data is often trapped in a silo, making
it difficult to manage and leverage risk and
compliance data for business intelligence.
Various departments and business units
are using manual tools and processes to
manage risk-related activities, which put the
organization at a distinct disadvantage.
Even when GRC processes are automated
to a degree, the tools are not being used to
their full potential. Artificial intelligence (AI),
machine learning, robotics and blockchain are
still being relegated to transactional processes.
AI in particular can be extremely valuable
when dealing with unstructured data such as
contracts, emails and other business documents
that are critical to capture when mitigating risk.
Beyond the technical challenges, poor change
management processes, and a lack of education
and subpar communication cause people to be
resistant.
In a related challenge, often the wrong people
are involved in the process. To further hinder
progress, the stakeholders who need to provide
input — including procurement and cyber
security — are often on the sidelines.
CURRENT CHALLENGES OF MANAGING GRC PROCESSES
4 I COST-EFFICIENT RISK MANAGEMENT LEVERAGES AUTOMATION AND RISK-INTELLIGENT STRATEGIES
Optimized and synchronized digital and human
workers drive down operating cost. Automation
alone won’t solve GRC issues, but humans and
digital workers can team up to free human
workers to focus on strategic initiatives around
compliance, such as new GRC business models.
“The key is to digitalize as much as possible so that
human workers can spend more time on growth
activities and less time on activities that can be
automated,” said Patrizia Wood, Global Lead of the
Risk Advisory Practice at TCS.
HOW AUTOMATION BENEFITS GCR
“ THE KEY IS TO DIGITALIZE AS MUCH AS POSSIBLE SO THAT HUMAN WORKERS CAN SPEND MORE TIME ON GROWTH ACTIVITIE AND LESS TIME ON ACTIVITIES THAT CAN BE AUTOMATED.”
—PATRIZIA WOOD, GLOBAL LEAD OF THE RISK
ADVISORY PRACTICE, TCS
5 I COST-EFFICIENT RISK MANAGEMENT LEVERAGES AUTOMATION AND RISK-INTELLIGENT STRATEGIES
Modern risk-intelligent strategies are
designed to contribute to top line growth
and working capital optimization. The risk
of non-compliance can be costly both in
terms of fines and reputation. Avoiding
fines is a key objective of compliance,
but the financial hits don’t stop there.
Bad press regarding risk and compliance
missteps can impact relationships with
stakeholders, investors, and vendors.
Reliable predictive insights are needed
to support C-suite decision-making and
help move from responsive to predictive
analytics. GRC activities are often viewed as
a reactionary function, as in the past it has
involved responding to audits rather than
avoiding regulatory scrutiny in the first place.
Leveraging robotics, quality data, and
intelligent agents permits greater volume of
control testing and audit scope, providing
greater assurance to stakeholders. This
frees up the staff to focus on more
strategic initiatives to improve processes
and ensure compliance.
The ability to bolster compliance
readiness was a key benefit realized
by a Canadian bank looking to comply
with the Sarbanes-Oxley Act for its U.S.
operations. The organization needed to
assess the effectiveness of the internal
controls for design and operations
readiness. The bank was able to
standardize and centralize its compliance
processes and achieve improvements
through the deployment of tools.
In the case of a U.S.-based firm providing
depository services to banks, mortgage
and insurance companies, they were facing
a lack of operational effectiveness and
processes regarding mandatory compliance
with Regulation Systems Compliance and
Integrity (Regulation SCI). Regulation SCI is
a set of rules created by the United States
Securities and Exchange Commission
to monitor the security and capabilities
of U.S. securities markets’ technological
infrastructure. By automating compliance,
the firm was able to identify gaps with
respect to Regulation SCI controls. This
resulted in a successful regulatory exam
with no findings. Other benefits included
process improvement through deployment
of tools, identification of automation
opportunities and operational cost savings.
LEVERAGING ROBOTICS, QUALITY DATA, AND INTELLIGENT AGENTS PERMITS GREATER VOLUME OF CONTROL TESTING AND AUDIT SCOPE, PROVIDING GREATER ASSURANCE TO STAKEHOLDERS.
6 I COST-EFFICIENT RISK MANAGEMENT LEVERAGES AUTOMATION AND RISK-INTELLIGENT STRATEGIES
When an organization determines that their
current GRC processes need to be revamped,
the CEO and CFO — who is typically charged
with mitigating risk — naturally need to be
involved. Successful transformation should
include all relevant business leaders.
As with all transformations, it is critical that the
GRC initiatives deliver value. The project scope
must adhere to a set of metrics that are be
delivered. In addition, those values must be clearly
articulated from the outset so that all stakeholders
understand the goals of the GRC transformation.
There must also be a clear plan for imagining
or reimagining GRC strategy, operations, and
technology enablement. They must be viewed in
a holistic fashion.
Applying the latest approaches to data manage-
ment and the use of data helps move from
responsive to predictive analytics and insights.
The plan should focus on providing efficient
and reliable GRC operations. Robotic tools are
uniquely positioned to deliver speed, volume, and
consistency of process, rules, and control execution.
Designing an integrated and intelligent
architecture will serve as the framework for
an agile GRC process. Cloud-based, mobile,
and hybrid architectures leverage the best
capabilities of machine learning, API strategy,
and intelligence to achieve targeted GRC
technology enablement maturity. Robotics,
quality data, and intelligent agents support
a greater volume of control
testing and audit scope,
providing greater assurance
to stakeholders.
Finally, change management
processes can help ensure
that the move toward an
agile GRC process isn’t
disruptive and achieves
widespread adoption. It
is important to track the
affects of cultural and
operational change to
maximize transformation
acceptance and ROI.
BEST PRACTICES TO DRIVE AN AGILE GRC PROCESS
AS WITH ALL TRANSFORMATIONS, IT IS CRITICAL THAT THE GRC INITIATIVES DELIVER VALUE.
IT IS IMPORTANT TO TRACK THE AFFECTS OF CULTURAL AND OPERATIONAL CHANGE TO MAXIMIZE TRANSFORMATION ACCEPTANCE AND ROI.
7 I COST-EFFICIENT RISK MANAGEMENT LEVERAGES AUTOMATION AND RISK-INTELLIGENT STRATEGIES
GRC leaders need insights that allow them to play an integral role in establishing and adapting
organizational strategy. Predictive analytics help with anticipating risks, understanding impacts,
adapting programs to embrace enlarging risk appetites, and maintaining stakeholder confidence.
Critically, strategically focused programs demonstrate a level of maturity that gains the confidence
of regulators’ confidence, which results in minimizing the financial costs of ongoing supervision,
fines and penalties.
GRC leaders must respond dynamically to continually changing market conditions and business
priorities. An agile framework integrating internal and third-party digital and human workers into
seamless operating models, is essential to success.
CLOSING THOUGHTS
ABOUT THE SPONSOR
Tata Consultancy Services is an IT services, consulting and business solutions organization that has been partnering with many of the world’s largest businesses in their transformation journeys for the past fifty years. TCS offers a consulting-led, cognitive-powered, integrated portfolio of business, technology and engineering services and solutions. This is delivered through its unique Location Independent Agile delivery model, recognized as a benchmark of excellence in software development.
For more information, visit www.tcs.com.