“They understand that they need to break out of their silos. But they have a tick box approach when it comes to end-to-end processes. Even when they are visual, it’s Visio pasted into a Word document, with zero ownership by the business. So the most common response from the business is: ‘And you want me to maintain this as well?‘.”
The bottom line, as my friend pointed out, is that, in the jargon of risk management, the first line of defence in these organizations – the business managers in the line – is feeble.
And as Ernst & Young’s Thomas Huertas, a former Citibank MD and FSA Director, warned a GRC conference earlier this year: “If the first line assumes that compliance and risk management is someone else’s job, that’s a sure sign that the organization is headed for trouble.”
My friend pulled out his iPhone. “Look”, he said, “In the past hour, I have answered emails, checked how my team did yesterday, sent a text, bought train tickets, cancelled a flight, commented on a Chatter post and sent my aunt some flowers. And all within what you might call the Apple governance framework, which allows me to do all this but also determines much of what I can do and how. That’s what line managers need. A risk management and compliance framework that is embedded within support for real-time process operations. ”
It’s a rich metaphor. Each person in the organization has a corporate smartphone with easy access to the apps they need to do their work. It’s underpinned by systems but orchestrated by the process management platform, within which is embedded governance, risk management and compliance.
It fits too with recent advice from McKinsey that the integration of end-to-end process perspectives with real-time risk and actionable recommendations is critical to managing vendor and supplier risk effectively.
13 May 2013 Risk Intelligence and Smart Compliance