How can firms avoid pitfalls, secure quick wins and retain interest in the long term?
Pike and Spencer: The key early wins must be achieved at the C-suite level. Many of those involved in GRC projects attempt to get everything right before they deliver reports to senior executives. Instead, reports on the key risks to the business should be first, even if the data supporting them is sparse and/or missing. This will show the executives the sort of information they can get. When they ask for details or drill-downs and are told it is a later deliverable, they will then help to force the project along. The focus on the key risks and scenarios, and how they are related to day-to-day information in the GRC system, is the best way to retain interest in the project for the long term.
Ridgway: It’s essential to have a clear articulation of what we are trying to achieve. We have to be clear about the benefits and costs, and not exaggerate them. So you need to be able to answer the question ‘what does the firm need and when?’ by saying ‘we needed to do certain things because it was critical to us’. You need to draw a very clear distinction between the GRC project and the supporting system. We have found too many people fall into the trap of thinking it’s all about the latter. You shouldn’t assume the control functions all understand what the others do and how they fit together. You need strong leadership and governance with dedicated supporting resources, and there has to be a credible vision with a detailed supporting plan.
What are the benefits of putting together an integrated GRC platform?
Kapoor: Banks operate in an environment marked by growing uncertainty and opportunity in business outlook, customer-centric regulations, stricter regulatory supervision and rising costs of services. There is also the increased probability of rogue trading, operational lapses, internal fraud and personnel issues. Restoring long-term confidence in the financial services industry will require more than just government intervention, fresh capital and updated regulations; it will need more organisational transparency and higher collaboration. Internally, most institutions are operating in silos with disconnected systems and low collaboration among business units. Risk, audits and compliance are also running as disparate programmes. Exploiting the synergy between them can enable better collaboration, transparency, insight, governance and performance. A fully integrated solution that includes a common informational model, common understanding of risk vocabulary and collaboration will provide maximum benefits for the organisation.