SB Partners logo

Ascending the Maturity Curve


John Chisholm on May 2, 2012 in Advice for Business Owners

Software provider SAP has provided SB Partners with VIP access to several noteworthy reports prior to being published publicly. We have promised to share those we believe will be of most interest to you. I recently reviewed Ascending the maturity curve: Effective management of enterprise risk and compliance, an Economist Intelligence Unit briefing paper sponsored by SAP. It is an excellent and thoroughly researched report and here are some of its highlights:

Few organizations manage risk and compliance activities consistently and efficiently despite recognizing the benefits of an integrated approach. To begin with, implementation is costly and complex and risk responsibilities span a wide range of activities. The results generally are a disconnected approach, with different departments setting their own policies and operating processes. Still, boards, regulators, rating agencies and investors are starting to look more carefully at risk and compliance.

In 2010 the Economist Intelligence Unit conducted a worldwide survey of senior executives from finance, risk, compliance and legal functions to assess the current state of risk and compliance management. Respondents were executives in financial services, healthcare, energy and utilities, logistics and manufacturing or the public sector.

Some key findings from research:

  • Companies may be underestimating the extent of their risk and compliance failures.
  • Risk and compliance management processes may appear to work well —until something goes wrong.
  • High-performing companies are more likely to have a consistent risk appetite.
  • Companies may not be learning the broader lessons from risk failures.

Increasingly, it seems, companies see effective risk and compliance management as a way of enhancing corporate performance and enabling strategy to be discussed and implemented from a position of greater confidence. By demonstrating publicly that they have an effective risk management and compliance program in place, companies should also find that they are more attractive to investors, customers and employees. Plus, they will more likely attract customers who want to do business with reliable, trusted and respected organizations.

While drivers of change may be important, there is no better impetus to encourage a proactive focus on risk and compliance than a shock—just as a once-burgled homeowner is more likely to seek insurance. However, more than one-quarter of respondents say that they fix their problem within the business unit, away from the scrutiny of the organization and their superiors. This approach does little to enable the company as a whole to learn from mistakes and put in place measures to prevent the same problems from re-occurring.

The road to implementation

When correctly implemented, risk and compliance management processes should lead to significant cost savings, derived from areas such as a reduction in duplication, the streamlining of processes and greater use of automated controls. Typically, effective and mature risk and compliance management doesn’t require a complete overhaul since it’s more about integrating existing processes.

Key role of technology

Technology helps organizations link disparate sources of assurance and automate the controls environment. It also helps ensure you get the right data to the right people at the right times. Technology also facilitates the automation of controls and compliance processes because without automation the costs of risk and controls can spiral out of control.

In conclusion, in addition to the traditional goal of meeting compliance obligations, companies see the investment in risk and compliance management as a means of aligning their risk and controls with broader strategic goals, building better relationships with stakeholders and enhancing overall performance. The findings from the survey and interviews suggest some action points for those charged with implementing these programs:

  • Help the business owners “own” the risk and compliance issues.
  • Think carefully about the messaging used when bridging the competing agendas of growth versus compliance.
  • Look carefully at steps towards greater automation of the controls environment.
  • Have a feedback loop in place.
  • Think about technology—but also beyond technology.

For a complete copy of this report click here to view it in PDF format (opens in a new window).