Last week, In Part 1 of this series, we outlined three key reasons why we built on Integrated Governance, Risk & Compliance (GRC) solution on SharePoint.
- Support the shift from a centralised to a decentralised approach to Enterprise GRC
- Enable a firm-wide risk transformation
- Provide firm-wide clarity on individual accountabilities
This week we add three more reasons for building our GRC solution on SharePoint. These are;
- Provide risk and compliance reporting that is aligned to other management reporting, not alien to it
- Be familiar and easy to use
- Deliver real, tangible business value
Providing risk and compliance reporting that is aligned to other management reporting
“Any business intelligence tool can connect to and interact with StratexPoint”
Too often risk and compliance reporting is a heavily manual process involving weeks of hand cranking information in spreadsheets with little or no time for undertaking analysis and generating insights from the data. It is characterised by counts of risks of different kinds, counts of risk events and counts of controls, but where is the trend analysis? Where is the comparison data between months and years? Where is the insight and commentary discussing the risk profile and what that means to the business. Where is its ability to operate within the strategic and operational boundaries it has set and what it means for its ability to hits its strategic and operational goals?
The use of Risk Management information should be aligned to other management reporting. It should be as automated as possible, focus on reporting trends and movements rather than static figures. And it should use visualisation methods and formats with are common from other management information processes such as; trend charts, RAG (Red, Amber & Green) and RAGAR (Red, Amber, Green, Amber & Red) within reports and on dashboards and visualizations such as trend charts, gauges and heat maps to engage and send clear signals to decision-makers.
One of the key weaknesses often expressed about previous generation risk software is the difficulty in getting anything meaningful out of the inputted data. This is one of the reasons that the StratexPoint solution includes Risk and Compliance reporting data which any business intelligence tool can connect to and interact with. It is also why the StratexPoint solution includes 40-50 standard reports and dashboards as part of the solution and a powerful ‘self-service’ dash-boarding capability which enables non-technical business users to create and customize dashboards ‘on the fly’ without having to contact IT or Risk specialists
Familiar and easy to use
One of the most common complaints about previous generation risk management software relates to the user interface. Typically, these complaints are for either a very technical user experience, or a very unfamiliar user interface, both of which lead to frustration and ultimately low user adoption. This often results in a single person in either the front-line or in the risk team being assigned the task of keeping the system up to date.
The user experience must be comparable to using other day-to-day applications such as the Microsoft office suite or interacting with SharePoint.
Delivering real, tangible business value
“Focus needs to be on the business agenda as well as the regulatory agenda”
Because of the increased regulatory focus on risk management, it appears that many firms are implementing risk management frameworks that respond to the regulatory agenda rather than the firm’s business agenda. While this is understandable, for any operational risk management solution to be adopted and become embedded within the firm, it must ultimately add real, tangible and demonstrable business value. Intangible value, such as improved transparency and improved risk culture, are important but they are not as powerful as a CRO reporting a 25% reduction in operational losses due to the front-line being able to detect potential loss events early due to high quality Key Risk Indicators. Or a £50m release of regulatory capital due to the firm being able to demonstrate that they have a high-quality risk management framework supported by a real-time solution with robust ‘business consumable’ risk dashboards and reporting which is underpinned by an accountabilities model that shows the process is truly embedded in the front-line of the business.