Companies that rely on traditional on-site audits and periodic policy reviews to manage risk are leaving the door wide open to stiff fines and losses to sophisticated fraud. These evolving risks demand a new approach. A combination of remote monitoring, more effective operating models, and analytics drives compliance, visibility, and productivity—at less cost than current risk management methodologies.
Modern companies face a serious conundrum when it comes to growth and risk. The wider the market opportunities, the more regulatory regimes that must be mastered. Increasingly sophisticated technologies are being countered by ever-more-clever fraudsters. Sticking to the conventional combination of on-site reviews, periodic audits, and local policies can put a company at a serious competitive disadvantage. Much better compliance and coverage are being achieved at much lower cost by companies that incorporate remote monitoring and related analytics in their operating models for risk assessment and management.
A clear, end-to-end view of each material process across the enterprise is crucial for understanding current risk levels. Without it, executives cannot see where risk lies or how decisions made for one function or location will impact the rest of the business.
The quality of internal and external data is crucial for sound risk assessment and subsequent decision-making. Timely, accurate data requires the right technologies to obtain it, the appropriate operating model to manage it, and detailed analytics to properly assess and use it.
Remote monitoring and analytics capabilities offer powerful countermeasures to threats. Enterprises today can track every part of their operations in real-time to spot fraud, noncompliance, bottlenecks, and information gaps and then correct deficiencies quickly and appropriately. Well-targeted technologies and an effective operating model provide the means to institute an analytics program that drives greater compliance, visibility, and productivity.
Better risk management begins with better technologies
New technologies enable companies to monitor and continuously assess more than they ever imagined. Excellent strategies for improving risk management tools include the following:
- Leveraging collaborative technologies such as WebEx, dashboards, and risk modeling
- Using tools for mining, analyzing, and presenting data to create actionable business intelligence. These tools can be deployed for the same—or less—cost than most current risk management programs
- Partnering with an experienced provider to leverage the partner’s broader experience with global risk models in various environments, geographies, and industries. Partners can also ensure that the right technologies are deployed along with comprehensive, standardized policies, deeper analytics capabilities, and experienced staff
These strategies can help reduce resource requirements while simultaneously providing the business with mechanisms to continuously assess risk and the company’s own efforts to mitigate it. One US-based business with a turnover of more than $20 billion performs controllership reviews for nearly 50 countries using a remote controllership team, with less than 10% needed for on-site travel by team members from the global controller’s organization.
Continuous compliance comes from effective operating models
For all the advantages, new tools alone are not enough. Complying with the vast web of regulations worldwide requires a controllership framework that provides coverage across the entire organization. Maximizing technological capabilities requires a more effective target operating model to ensure ongoing compliance with the new processes and policies.
The best way to obtain the necessary end-to-end view of current operations and policies is through:
- Industrialized operations and an agile, global target operating model
- A unified delivery structure so the company can easily spot and mitigate changing regulatory and other risks in smaller markets as well as in the company’s perceived “top ten.”
The new model must address four lines of defense that all have distinct roles in the overall effort and must be taken into account when building a comprehensive program. These lines of defense are:
- Process owners
- Internal audit teams
- External audits
The components of the most effective risk management models work together to address each player’s needs.
Industrialized processes: These cut across business lines and operational silos and clearly show how each process impacts the rest. This in turn highlights each player’s needs as well as the processes, data, and technologies that create and mitigate risk. This model also provides the deep process understanding necessary to identify which policies are working, where improvements should be made, what metrics can be tracked to ensure compliance, and which technologies will best support new, more effective processes.
Standardization: Ideally, the new tools will support standardized workflows and rule-based governance and control structures. These tools will enforce global standards and drive ongoing compliance with internal policies as well as external regulatory requirements.
Real-time risk assessment and reporting: Remote monitoring provides continuous access to real-time data across the enterprise and enables:
- Automated or specialized reporting for assessing the effectiveness of risk management efforts at all locations
- Detailed analytics that can spot performance gaps and behavioral trends, flag fraud and missed deadlines, and identify the proper intervention points for effective action
- More frequent audits, overcoming the problem of quarterly or yearly audits that can allow risk to grow unseen in between
- Lower risk of the new policies losing their effectiveness and leaving companies battling the same problems alongside new ones that arise as the business grows
One major US conglomerate with revenues of more than $150 billion achieved markedly increased assurance coverage by building state-of-the-art audit analytics. The program supports all the company’s distinct business lines as well as some of its regulatory compliance needs.
Analytics drive visibility, productivity, and compliance
With the proper technologies and operating structures in place, the enterprise is now prepared to reap the benefits of continuous remote monitoring.
Visibility: Platform-agnostic analytics tools that pull data from all of the company’s disparate legacy systems worldwide provide continuous control and transaction monitoring that gives CXOs visibility into global operations in near real-time.
Productivity: The scripts that drive analysis operate 24/7 across the entire universe of data available to the enterprise, increasing coverage and reducing control gaps.
Compliance: Regulators are not driven by materiality; they are more focused on evidence of fraud, corruption, and non-compliance. Good, rule-based analytics scripts not only spot deficiencies faster but also reduce false positives that require human intervention because the rules for acceptable deviations have been well established.
Evolving risks require a new approach
Quarterly risk assessments and on-site audits can no longer keep increasing regulations and fast-evolving fraudsters at bay. The new technologies that remotely monitor and mitigate risk enable continuous coverage of a broader scope of operations and at a lower cost than before. CFOs should reevaluate their current risk management mechanisms and consider leveraging an experienced partner when performing initial risk assessments, choosing tools, and building new target operating models. An unbiased view of current operations and policies is crucial to building an effective model going forward—one that not only ensures the business is keeping up with changing risks but also prevents backsliding into non-compliance and a false sense of security.
Assessing risk is only the first step toward protecting the business. Remote monitoring lets companies continuously find—and mitigate—risk before it impacts the bottom line.
This paper was authored by Subhashis Nath, Global Senior Partner, Enterprise Risk and Compliance Services, Genpact
For more information, contact firstname.lastname@example.org and visit genpact.com/what-we-do/business-services/enterprise-risk-compliance