To meet the challenges of today’s business and regulatory environment, firms need GRC solutions which are specifically designed to engage the front-line of the business in the risk management process. Solutions need to be aligned to the language and tone of business decision-making and must enable the risk management process to be undertaken by the front-line as part of their day job.
Business requirements for next generation enterprise GRC
Post credit crunch, firms have had to adapt to a more heavily regulated business environment with increased risk management and regulatory demands from boards and regulators, while also re-shaping the business model and attempting to deliver profits and growth. To fulfil these competing demands, firms need to take a different approach to GRC with a solution that meets the following criteria:
1. Support the shift from a centralised to a decentralised approach to Enterprise GRC
2. Enable a firm-wide risk transformation
3. Provide firm-wide clarity on individual accountabilities
Support the shift from a centralised to decentralised approach to enterprise GRC
“Risk needs to be managed where it is taken”
While it may have been acceptable in the past to have a team that solely managed risk on behalf of the business, it is simply not the case today. Firms need timely, accurate and actionable risk management information on which to make strategic and operational decisions. This cannot be achieved without decentralising the risk management process and embedding it into the day-to-day responsibilities of the front-line of the business. Risk needs to be managed where it is taken and any enterprise or operational risk management solution must enable the business to take and manage risk with the risk team managing the process and supporting the business, rather than performing the daily activities.
Enabling a firm-wide risk transformation
Firms need business tools for business people
Firms need a solution that will act as a catalyst for enabling a culture change around enterprise and operational risk. Instead of ‘check-box exercise’ tools used and updated by the risk team with no engagement with business users, firms need business tools for business people. Solutions must easily fit with, and be aligned to, the existing everyday tools used by the front-line business users. They must enable users to quickly understand their role within the risk management process and undertake this role quickly and easily. Importantly the software should engage and provide immediate feedback to business users as they undertake their operational risk management activities.
Providing firm-wide clarity on individual accountabilities
Attention has shifted from the firm to the individual
As firms have become more complex, with matrix structures and multiple reporting lines, and as regulators have shifted their attention from the firm to individuals within firms, one of the challenges for many senior people is in understanding the full scope of the things they are accountable for. Clarity on accountabilities has greater importance and urgency with the introduction of the Senior Managers and Certification Regime which is demanding a ‘culture of accountability’ and will see individual managers facing fines and potential prison time if they fail to operate the bank in a sound fashion.