Imagine if the finance function in an organisation had created separate accounting systems and separate departments for fixed assets, debtors, creditors, cash and sales ledger with no common hierarchy, no common cost centre structure, and no method of accurate consolidation of financial statements- in other words a series of isolated sub-ledgers, with no general ledger account structure. Under this scenario, which CFO would not identify the need and the benefits of an integrated financial general ledger accounting discipline and framework?
However, increasingly we are seeing sub-set risk management frameworks outside of a central operational risk framework which have evolved within our organisations in recent years, often as result of a business or function reactively implementing a new regulatory requirement, such as Sarbannes Oxley (Finance), Senior Accounting Office (Tax), FATCA (Tax), Anti-Bribery and Corruption (compliance).
In addition, the burden for an organisation to manage the recent additional regulatory requirements for organisations, such as CASS and MAR, is being further compounded by the impending comprehensive regulations e.g. SMR, GDPR etc. These initiatives often start with the best intentions led and managed by the area that owns the risk, but are in isolation of the other initiatives, and the enterprise wide risk management framework.
Although the organisation may have achieved regulatory compliance, these sub-set risk management frameworks (the risk types of which should already be included in an operational risk framework taxonomy) can result in significantly more cost to establish, more cost to run, result in duplicative, inefficient processes requiring more resource, more management oversight and at times, more risk.
The solution is to enhance your operational risk framework to an integrated, enterprise wide operational risk management framework.
Benefits of an integrated, enterprise wide operational risk management framework
- Efficient scalable framework– The integrated framework should result in a reduction in overall FTE required to manage each individual regulation, with cost savings due to repeatable standardised processes performed once and limited need for incremental spend with changing regulations due to ability to integrate future requirements within the same framework. The integrated framework should also result in less time spent in meetings, giving more time to managing the risks.
- Data enhancement– sub set frameworks established and managed in isolation will usually hold data with differing levels of quality and information. An integrated framework provides one standard data model, stored in one system, with the same level and quality of risk information. The greatest benefit of this is that there is then only one version of the truth, and one source of data for the MI.
- Improved MI for management decision making– consolidated MI-based on some metrics with end to end coverage of risks on individual and aggregate view of total inherent and residual risk by risk type and key controls.
- Improved risk governance– it provides management with a centralized view of compliance to all regulations, and end to end view of all the risks by either entity, process, risk type, or regulation. In addition, it brings more clarity to end to end accountability.
- Improved risk management– When using one standard methodology, it allows for identification of correlation between risks, and even linkages between risk and capital requirements. One integrated framework improves communication and coordination between business/functions to manage the range of risks, as a whole, and enables view of total inherent and residual risk by risk type and key controls.
© 1st Risk Solutions Limited- all rights reserved