The Economist Intelligence Unit surveyed 446 senior executives from nine industries about their views on how to improve internal financial processes.  The survey focused on companies’ attempts to streamline governance, risk and compliance (GRC) processes and the associated impact on the financial functions of the business.  The primary conclusion was that a holistic GRC system could be instituted as a value-added activity and would result in streamlined financial processes.  Trying to reduce costs and streamline financial processes through a bottom-up approach was not as effective and did not fully assess risks.

This paper, published by The Economist Intelligence Unit, defines GRC as the way a collection of board and C-suite approved guidelines or policies are put into operation as a set of rules, processes, and controls.  The most effective use of GRC processes is to control risk and enhance decision making by alerting management when activities are not consistent with these guidelines and policies.  In doing so, GRC provides a mechanism to monitor emerging risks affecting an organization.

Executives have been working for over a decade to streamline and harmonize their financial processes.  The survey found the top obstacles in many financial systems were the presence of too many manual processes, inconsistent methodologies, complex procedures, lack of visibility and accountability of tasks along the processes, and the use and generation of inconsistent or redundant data.  These obstacles make effective risk identification and problem solving difficult for executives, especially chief financial officers (CFOs).  A cost barrier was cited as the number one reason for not addressing these concerns.  Forty-eight percent of executives found converting to automated systems too expensive, and over 30% pointed to cost concerns for failure to address the other top two issues: inconsistent methodologies and complex procedures.  But more executives have realized that the costs need to be balanced against risks.  The failure to make needed changes to financial processes may actually be allowing risks to arise that are beyond the organization’s tolerance for risk.

However, some executives have found that incorporating these upgrades into a holistic GRC system can result in savings that exceed initial costs.  Automated systems and other control techniques can lead to cheaper audits, lower overhead, better business decisions, and fewer instances of non-compliance, and can prevent restatements of financials.

Despite some respondents’ hesitance to incorporate GRC best practices, 75% report using a holistic system and regularly including risk evaluation as part of the financial processes.  Over 65% report that the deployment of GRC practices results in better prioritization of controls and higher quality of decisions, and 56% have also seen efficiency in processes.  Further, when asked what initiative results in reducing poor decisions, the top response was “prioritizing controls based on risk” at 56%.

Awareness of the importance of evaluating risk as part of any business strategy has increased dramatically over the past ten years.  The effective use of risk analysis must be balanced with cost in a holistic approach.  Specifically, executives should be wary of out-of-date, incomplete, inaccurate or easy-to-manipulate data.

The article concludes that GRC is effective when the organization’s strategic direction is defined and constraints are set that include risk appetite.  Best practices to enhance risk assessment and implementation are listed:

  • Identify the full range of risks
  • Establish a risk management culture
  • Align controls with risks and embed into processes
  • Devise procedures for manual interventions
  • Consolidate and track controls to ease the auditing process

 

The article closes by noting that integrating GRC into financial processes provides an opportunity for organizations to be more proactive in addressing potential risks.

ERM Enterprise Risk Management Initiative 2008-11-01