A MEGA eBook by Nicolas BETBEDER-MATIBET, Managing Director, MEGA Asia. He discusses the 6 benefits an organization can realize when using an integrated GRC program, along with concrete examples of clients that have achieved success.
1. 6 Concrete Benefits of an Integrated GRC Initiative A MEGA
eBook Nicolas Betbeder-Matibet, Managing Director, MEGA Asia - MEGA
September 2012
2. The Case for Integrated GRC
- Independent assurance functions strive to improve process efficiency, increase business performance, and reduce risk for the organization
- Each function (risk management, internal audit, compliance, and even business continuity management) delivers a certain value to the organization
- These functions have deployed comprehensive frameworks based on best practices in order to meet their goals
- They interact together, but with limited coordination and few synchronized initiatives, typically remaining independent
3. Integrated GRC Increases Value
Organizations should begin by establishing these basic objectives for an integrated GRC initiative:
- Enhance process efficiency and effectiveness of the assurance functions
- Increase the contribution of assurance functions to business performance
- Reduce information duplication, improve transparency, and increase control over data
- Expand collaboration between assurance functions and business groups
- Provide more comprehensive information and a shared single truth to support business decisions
- Reduce risk through centralized and cross-referenced information and data across the organization
4. Integrated GRC
When individual assurance functions are integrated, they:
- coordinate with business lines through business architecture
- are based on a common risk & control framework and data
- provide cross-functional analysis and consolidated reporting
[Diagram: Integrated GRC. Analysis & Reporting across Risk Management, Compliance, Audit and BCPM; Risk & Control Centralized Data; Risk & Control Common Framework; Risk, Compliance, Audit and BCPM Processes & Best Practices (ISO, COSO; The Institute of Internal Audit; Business Continuity Institute); Business Lines Interactions and Engagement; Integrated GRC Processes & Best Practices; Business Architecture. Side labels: Reporting, Mapping, Assessment, Action Plan.]
5. 6 Concrete Benefits of Integrated GRC
Benefits:
- Consistent risk data & improved transparency
- Best practices adopted
- Improved efficiency of assurance functions
- Smooth interaction with business lines
- Collaboration between control functions
- Engaged business lines/more risk awareness
[Diagram: Integrated GRC architecture, as on slide 4]
6. Benefit 1: Consistent Risk Data & Improved Transparency
- Integrated GRC offers a centralized and standardized data repository based on a common GRC framework
- The framework is shared by the assurance functions to empower collaboration through re-use, reduce costs through sharing, and guarantee consistency and completeness
- Centralization and standardization of risk data creates transparency for executives, giving access to consolidated reporting
7. Benefit 1: Consistent Risk Data & Improved Transparency
Client: Leading Healthcare Organization in Central/South America
Challenges:
- Risk and control data was fragmented and duplicated:
  - Three risk repositories
  - Two control repositories
- Non-consistent framework
- Partial analysis
Achievements:
- Moved from five incomplete repositories to two standardized ones
- Maintenance costs for information reduced by more than 50%, while data consistency improved
- Risk overview reports for executives were created on top of consolidated repositories
8. Benefit 1: Consistent Risk Data & Improved Transparency
Client: One of Southeast Asia's Top Banks
Challenges:
- Control functions struggled to provide risk analysis to support business decisions:
  - Risk data not current
  - Could not do analysis in different dimensions
Achievements:
- Using advanced reporting capabilities, banks can:
  - Drill down to see risk exposure in multiple ways
  - Can evaluate by product, legal entity, business line, process, risk type, and more
  - Take into account ongoing mitigation action plan and control assessment
9. Benefit 2: Best Practices Adopted
- Integrated GRC provides the mechanism to revisit current processes and identify potential improvements by exploring the successes of others in the industry
- Creates momentum favorable to effective change management and implementation of new practices that improve business performance
- The initiative may increase value by implementing best practices that are integrated with the GRC solution as a starting point, or as a target for process/practice redesign
10. Benefit 2: Best Practices Adopted
Client: High Growth Bank in Africa
Challenges:
- Sought world-class best practices in every domain, but lacked capability to implement
- Goal was developing efficiency focus culture to create competitive edge
- Executives determined to create and sustain strong growth
- Operational risk management identified as top priority
Achievements:
- Adopted world-class integrated GRC solution to meet goals
- Moved quickly from no frameworks for change to success in change management
- Improved operational risk management demonstrated value of adopting best practices
11. Benefit 3: Improved Efficiency of Assurance Functions
- An integrated GRC initiative will automate low value-added activities and increase productivity
- Individually, each assurance function will use specific business capabilities to support and improve the efficiency and effectiveness of its processes
- When supported by an integrated GRC solution, each assurance function benefits from its own set of automation capabilities to improve the management of its own processes
12. Benefit 3: Improved Efficiency of Assurance Functions
Client: Leading Worldwide Energy Provider
Challenges:
- Audit team had 45 auditors in 40 countries
- Managing audit through email and office tools was inefficient and costly
- Governance goals could not be met
Achievements:
- Improved file management
- Optimal management of 1000+ audit recommendations
- Consistent traceability and follow-up for 3300+ actions
- Gained ability to plan and manage 50 annual audit missions
- Developed more efficient resource management
- Centralized all audit documentation
- Saved the cost of 2.5 FTEs
13. Benefit 3: Improved Efficiency of Assurance Functions
Client: Top Asian Bank
Challenges:
- Operational Risk Management group required to prepare quarterly report for regulators
- Team spent 3 days consolidating and 5 days validating data for report
Achievements:
- Report produced automatically and instantly, saving 8 days of effort
- Decentralized data gathering supported with validation ensured by business rules and workflows in GRC solution
14. Benefit 4: Smooth Interaction with Business Lines
- Business lines demand efficiency through a streamlined and non-disruptive collaborative process
- One of the biggest threats to success for assurance functions is to be perceived by business lines as a burden
- An integrated GRC will reduce the idea that assurance functions encumber business groups through a coordinated approach to assessment campaigns
15. Benefit 4: Smooth Interaction with Business Lines
Client: Leading Financial Institution in Asia
Challenges:
- Non-synchronized GRC processes created excessive information demands for business departments
- Business groups reluctant to cooperate in providing information because of excessive staff time and cost
Achievements:
- Reduced workload for business groups with new common assessment method that coordinates analysis campaigns
- New methods help business lines provide needed information quickly and easily
- Better information available to business groups through improved analysis
16. Benefit 5: Collaboration between Assurance Functions
- With all assurance functions involved in the integrated GRC initiative, the program is a strong collaboration enabler
- Assurance functions typically identify and develop even more interactions, creating significant advantages for the organization
- The value created through integrated GRC is greater than the sum of the independent assurance functions
- When supported by an integrated GRC solution, the collaborative, integrated environment supports and empowers interactions between the different processes
17. Benefit 5: Collaboration between Assurance Functions
Client: Large Middle Eastern Conglomerate
Challenges:
- Control functions were siloed with little coordination/interaction
- Inconsistent and unsynchronized activities
- Unable to achieve enterprise view of risk and compliance
Achievements:
- Risk and compliance groups initiated interactions to prevent silo effects
- Modifications of risk assessments trigger notifications for review
- Logging incidents in one area sets off automated copying to other areas
18. Benefit 6: Engaged Business Lines/More Risk Awareness
- By integrating the risk & control layer within business architecture, the integrated GRC solution positions risk exposure as part of the criteria for business performance
- This integrated approach supports the development of risk awareness within business lines and facilitates collaboration with assurance functions
- When supported by a common solution, business lines and assurance functions share a common business & GRC framework to align business performance objectives with GRC objectives
19. Benefit 6: Engaged Business Lines/More Risk Awareness
Client: European Financial Conglomerate
Challenges:
- Fast growth and rapid diversification required process review for overall organization
- Company growth through acquisition created higher risk exposure
Achievements:
- Comprehensive understanding of business processes lets control functions and business process departments work jointly to identify relevant risks and effective controls
- Business process approach facilitated collection, analysis and review of consolidated information
- Reporting capabilities allow board members and internal control committee to make informed decisions
20. Goals and Benefits of Integrated GRC
Objectives:
- Enhance process efficiency and effectiveness of the assurance functions
- Increase the contribution of assurance functions to business performance
Benefits:
- Consistent risk data & improved transparency
- Best practices adopted
- Improved efficiency of assurance functions
- Smooth interaction with business lines
- Collaboration between assurance functions
- Engaged business lines/more risk awareness
21. In summary
Objectives:
- Enhance process efficiency and effectiveness of the assurance functions
- Increase the contribution of assurance functions to business performance
Principles:
- Standardize & harmonize: Common vocabulary and approach to key GRC activities
- Coordinate risk areas: Risk areas coordinate with one another to afford reuse and a portfolio view of risk
- Synchronize with business: GRC activities synchronize with mainline processes to reduce burden on the business
- Embed in process: GRC activities are embedded in mainline processes and become part of the fabric of the business itself
Concrete Benefits:
- Consistent risk data & improved transparency
- Best practices adopted
- Improved efficiency of assurance functions
- Smooth interaction with business lines
- Collaboration between control functions
- Engaged business lines/more risk awareness
Integrated GRC
22. For more information, please contact us at
[email protected] www.mega.com - @mega_int Optimize Transform
Govern Design Manage optimized Govern transformations organizations
execution and growth and systems