Integrated risk management

Integrated risk management, 2020, key findings

In 2020, The Risk Management Association and FCInsight conducted a survey of risk management, compliance, audit, and other business and GRC leaders on the state and maturity of integrated risk management (IRM).  272 risk management, compliance, audit, IT, GRC and business professionals qualified for the survey.  Of those, 180 were in banking and financial services and 171  or those were members of the Risk Management Association.  92 respondents were from industries other than banking and financial services.  

Download a full copy of the report

Considering the potential for different perspectives on IRM, the findings and results were reported in separate sections for the banking and financial services vertical and other industries.

Key findings for banking and financial services

  • 74% of respondents report they are integrating risk intelligence into business activities
  • Strategic planning and strategy execution are top objectives for IRM
  • Most respondents spend 25% or more of their time on ERM – true for all seniority levels
  • Respondents rated IRM as relatively mature, but only 12% were optimizing IRM
  • Business intelligence applications are more commonly used than GRC technology in IRM initiatives

Key findings for non-financial services industries

  • 66% of respondents report they are integrating risk intelligence into business activities
  • 80% report strategic planning as a top objective for IRM, but only 45% report strategy execution as one
  • Most respondents spend 25% or more of their time on ERM – true for all seniority levels
  • Respondents rated IRM as relatively mature, 16% claim to be optimizing IRM
  • Business intelligence applications are just as likely as GRC technology to be used in IRM initiatives 
  • The use of BI and GRC tools did not correlate to greater IRM maturity
Share
voting machines, cybersecurity, Iowa caucusses

Iowa caucuses and the Shadow app: A lesson in critical infrastructure

On Monday 3 February 2020, Iowans caucused at almost 1700 precincts across the state to select their preferences among presidential candidates.  Three days after the Iowa caucuses, the final tallies for the Democratic presidential candidates remained incomplete.  The popular press blames a technical glitch in the Shadow app, but accountability resides with party leaders and the Shadow app executives who allowed technology that had not been previously fielded nor fully tested to be deployed as critical infrastructure.

Continue reading
Share

Connecting the last mile of finance at Workiva Amplify

Key takeaway: Connecting financial close and compliance can help to relieve congestion in the last mile of finance, saving days or even weeks in producing financial disclosures.

Workiva Amplify was a hands-on summit. The majority of sessions in this 17-parallel-tracks summit were hands-on sessions with Workiva, and they were packed. And the attendees were younger than other conferences I’ve participated in over the years — not counting Scouting jamborees. I’ve been to conferences with a lot of buzz, but a conference of auditors, financial managers and compliance professionals with so much energy — I haven’t experienced that before.

Energetic attendees at rock concert one evening
Energetic attendees at a concert one evening
Photo: Workiva

… some companies lock up the key members of the accounting staff on the entire floor of a hotel room for a week

Throughout the summit, attendees were reminded of connected reporting, connected sheets, connected data, and linking. To get a handle on what Workiva means by “connected,” I attended a Workiva hands-on session on 10-K reporting.

For their 10-K preparations, some companies lock up the key members of the accounting staff on the entire floor of a hotel room for a week as they make the final changes of this critical report. Senior execs run room to room to make sure that everyone is in sync, and that changes made in one part of the report are also captured in other parts of the report. It’s a nightmarish week, and it’s also repeated on a smaller scale each quarter with the 10-Q reports.

Hands on sessions were the most attended
Hands-on sessions were the most attended.
Photo: Workiva

In the the hands-on 10-K session, the instructor took us through how to create hyperlinks throughout the document, like between the table of contents and various headings — ho, hum – I can do that in Word, right? Now, here’s what I can’t do so easily in Word — connected data. There are data links throughout the 10-K, and if I change the source data, it changes anywhere that data is used – and it keeps a record of those changes. So, let’s say I find an ERP error in data entry in the accounts receivable of a measly $10million. I correct that, and then it ripples through to anywhere that piece of data is used –perhaps in 15 different spreadsheets (Workiva calls them “connected sheets”), the 10-K, and even the presentation to the board.

… removing humans from boring, trivial tasks with cheap, smart integrations

No more do senior managers and executives chase down dozens of people to make sure they incorporate the change, and no more having to take out an annual lease of a couple of floors of a mid-town hotel for their sequestered accountants.  Plus, with all of this connectedness, data transfer errors are greatly reduced, thus reducing the chance of a misstatement.  I later attended a SOX reporting hands-on session – same thing.  This connected data and reporting made me think of the promises of robotic process automation (RPA), though, in the case of Workiva, the data and documents are either in the Workiva system or are connected through APIs, rather than an RPA tool.  Still, the benefits — removing highly educated humans from boring, trivial data transfer and manipulation tasks with cheap, smart integrations between enterprise applications — are the same.

The last mile of finance is the most congested…. It’s this last mile that Workiva is helping to run smoother.

A good friend at Gartner with whom I worked on several research projects, John Van Decker, called reconciliation, close and disclosure at end of the fiscal year the “last mile of finance.”  Running parallel to reconciliation and close in this last mile are the SOX and financial statement audits.  It reminds me of the most horrendous last mile on the Capital Beltway around Washington, DC, where the express lanes dump into the regular lanes just a mile short of the American Legion bridge crossing the Potomac from Virginia to Maryland.  It’s this last mile that Workiva is helping to run smoother.

And Workiva is not alone on the last mile challenge.  At Amplify, Deloitte announced a new strategic partnership with Workiva.  Speaking with Deloitte representatives, I learned that they are investing in building a number of targeted Deloitte-branded solutions on Workiva’s platform that they believe will further speed up the close process.

I’ve puzzled for years on why more GRC vendors have not invested in developing solutions for the last mile of finance, but for now, Workiva’s capabilities to link SOX compliance and audit to reconciliation, close and disclosure reporting, along with connected sheets and connected reporting are a solely Workiva differentiator in the GRC market.  Workiva would do well to invest in expanding its GRC capabilities beyond its basic SOX and audit solutions, and a very basic ERM application. With a broader GRC portfolio, Workiva’s internal linking capabilities could enable better connections between risk management, compliance, audit, third party management, IT security and other GRC functions.  And the linking capabilities to enterprise financial and performance management solutions could advance integrated risk management.  For instance, connecting performance management and risk management by linking KPIs and KRIs could bring critical insights to decision making on both the planning and execution of strategic business initiatives. 

Note: Workiva did not pay for this article; nor did anyone else.  The opinions and observations in this article are mine alone and not necessarily the views of Workiva.

Share

Trip report: Risk Summit highlights digital transformation and a tech start-up called PwC

On 27 and 28 March 2019, at PwC’s Risk Summit in Boston, PwC senior leaders and consultants in the risk assurance and consulting practices shared with their clients and over three dozen industry analysts their vision of how digital technologies are transforming both risk management and business performance.

Continue reading
Share

Time to put technology at the forefront of your GRC strategy

Having just finished analyzing the data and writing the report on the triennial OCEG GRC technology strategy survey, I stepped into the family room to see that my wife was watching a recent episode of Amazon’s Grand Tour — the season 3 Mo’town Funk episode. Jeremy Clarkson was test driving this fantastic new McLaren Senna. 

Continue reading
Share

Adding another piece to the puzzle of its GRC strategy, SAI Global is buying BWise from Nasdaq

Key takeaways

1 – The acquisition of BWise gives SAI Global a much needed boost to its competitiveness in the financial services sector

2 – SAI Global needs to assure BWise and Compliance 360 customers of its viability and ongoing support for both GRC solutions

Continue reading
Share

3 critical success factors for strategic risk management and 5 questions corporate directors should ask

The announcement from PG&E that the California utility will file for bankruptcy reminded me of a question posed a few years ago by the head of GM’s risk committee: “How do we manage strategic risks?”

Key takeaways —

  1. People can and do die from poor strategic risk management
  2. Due to blind spots in the risk vision of executives and directors, risks can emerge that unbalance corporate strategies and create existential events
  3. The critical success factors for strategic risk management include encouraging and rewarding risk awareness, creating goodwill with stakeholders, and building a strategic risk response plan

NASA’s ARIA team produced this map of damage to Paradise, California, from the Camp Fire, the deadliest wildfire in the state’s history. Image credit: NASA/JPL-Caltech

Continue reading

Share