Last week we talked about 5 of 10 important issues facing risk and compliance managers in 2010. You can read part one here. This week we continue that discussion with the final 5 issues focusing on risk management investment, integration, reporting and more.
As a quick recap, here are the first five issues discussed in part 1 of 10 Important Issues for Risk and Compliance Managers:
- Regulatory Clarity
- Better Collaboration with the Business
- Robust Organizational Risk Culture
- Risk Expertise needs to start at the top
- Improved Risk Management Data Quality and Availability
6) Integrate Risk Management
Another major area of concern is how the constantly increasing and changing array of rules, regulations and industry standards is affecting existing processes and systems. In many cases, the technology solutions that support these processes are under extreme pressure and cannot adapt to satisfy the business needs.
Meeting these regulations and standards requires gathering and storing risk data over a significant time frame. It also requires integrated risk reporting of the data for easy consumption by internal and external constituencies such as senior management and regulators.
Businesses must evolve their risk management methodologies to meet these changing requirements. The goal is to establish an effective enterprise-wide risk management program that is flexible enough to respond to change and is tailored to an organization’s corporate strategies, business activities and external environment.
7) Invest in Risk Management
While industry experts predict that overall IT spending may be flat or down next year, a recent poll we conducted found that over 89% of respondents believe investments in GRC technology will increase or at least remain the same in 2010, which may mean new opportunities for risk managers.
Industry analyst Chris McClean of Forrester recently published a study on 2010 GRC trends which reported that the economic recovery is opening new opportunities for risk managers. No doubt the current financial crisis and increased regulatory oversight are changing the way organizations approach governance, risk and compliance.
Companies are more focused on coordinating disparate risk management efforts to improve their visibility into the risks inherent within their business. Despite the economic slowdown, companies are willing to invest in technology to improve risk management capabilities -- which is a good thing for all.
8) Strong Reporting with Easy-to-Use Formatting
If nothing else, the financial crisis of 2008 has driven home the need to improve reporting to the organization regarding risk posture and exposure. While the value of strong reporting is clear, a few challenges remain, including cross-domain reporting; multiple reporting regimes; linking oversight with operating environment; and profile-based reporting.
9) Risk Applications that are Easily Adopted by the Business
One of the key themes that developed during 2009 was that risk management is more crucial than ever to organizations, and failing to deal with it is not an option. Companies are seeking ways to gain a more complete picture of risk, assess exposures across business lines and aggregate these into a firm-wide view.
To support adoption of risk management applications by the business, here are a few things to consider:
- Involve the business in the application selection and implementation process.
- Select a solution that can easily adapt to your methodology.
- Deploy a solution that is intuitive and easy to use.
- Focus on Usability first, User Experience second.
Providing a risk management solution that is easily adopted by your business users will be a key enabler for achieving actionable risk management: where risk and compliance activities are an integral part of everyday business operations.
10) Increased Agility to Respond to New and Changing Regulations
While there’s a lot of talk about regulatory reform, we may be getting closer to actual regulation this year. President Obama, in his first State of the Union address, called for “serious financial reform.” Regulatory pressures continue to mount, and the regulatory environment will only increase in complexity. Businesses that take a more practical, cross-regulatory approach to managing compliance will alleviate increasing cost and complexity while gaining valuable insight into risks to key business processes that could affect corporate performance in the form of legal action, fines and penalties, or damage to company reputation.
This is where the need for “Increased Agility” comes in. Your risk and compliance processes will evolve over time to meet these changing business and regulatory requirements. Your GRC solution needs to be flexible and allow you to quickly adapt your risk and compliance management framework to meet changing requirements, while minimizing the impact on your business operations.
Be careful of solutions that either force you to change your processes or develop custom extensions to the software to meet new regulations or requirements. Changes to your methodology due to an inflexible technology solution will negatively affect your ability to incorporate integrated risk management into your business operations.