The State of GRC: Should We Manage Controls?

by Bruce McCuaig, Director, GRC Product Marketing

Surveys suggest that more and more things seem to be going wrong. Either there are more risks than ever, or there are more “things.”

If there are more risks, then we need to examine our risk management practices.

If the risks are the same, but they’re happening in more places, then we need to examine our control management practices.

Managing GRC

The art of successful governance, risk, and compliance (GRC) management is looking in the right places for risks and doing the right things to respond to them.

In a recent blog on the Three Lines of Defence, I discussed the Three Value Questions. That discussion was intended to focus GRC professionals on the right “things.” Or in other words, finding the things that matter.

So let’s turn our attention to control management and away from risk management. Let’s assume we know where to look for important things that can go wrong and let’s examine our ability to respond to them. My working hypothesis is that we don’t respond well.

Is There Such a Thing as Control Management?

The first clue is the phrase “control management.” Is there such a thing in the professional literature? I have not found any reference to the concept of “control management” in either the Institute of Internal Audit Professional Practice Framework (IPPF) or the Public Company Accounting Oversight Board Audit Standard no. 5 (PCAOB AS5). Plenty of literature exists on “risk management,” little or nothing on “control management.”

Is this a mere oversight or is it a fundamental flaw? Let me ask it another way. Are internal controls a manageable dimension of the business and do we understand how to manage them? Among the questions we need to know (vs. believe) are:

  • How many controls are enough?
  • In any situation, which kinds work best?
  • What unintended consequences must be anticipated?
  • What is the impact of a set of controls on business performance?
  • How will technology help improve control effectiveness and drive down cost?

A New Perspective on Effective Control

Here’s an example of what I mean. For a number of years I was required to take daily doses of powerful prescription eye drops. Were the eye drops “effective” I asked myself? The manufacturer of the eye drops actually offered a money back guarantee (in jurisdictions where it was allowed) if a specific outcome was not achieved. That sounded reassuring. But looking further into the research that supported the approval of the medication I found some interesting statistics.

According to the research required to get approval for the drug, the side effects of the medication caused about 30% of users to miss 15% of their required doses. A small number, about 10%, stopped taking the medication entirely. A very small percent suffered severe side effects and were hospitalized.

Question: Was the medication effective? Yes or no please. No “opinions.”

Whenever I visited my ophthalmologist, he invariably said, ”Remind me what eye drops I have prescribed for you?” Eventually I figured out he was “testing” the control. If I couldn’t remember he would conclude I had stopped taking the drops.

I struggle to think of any internal control effectiveness opinion I have ever written or read that contained such an analysis.

My point is that when we can answer these questions, we will be “managing” controls.

What does the future hold? How will technology help?

Shifting to a Fact-Based View of Controls

Technology should enable a shift from a belief-based approach to control management to a fact-based approach. Continuous monitoring of all the variables we need should begin to provide a precise measure of how controls work, individually and in combination, what “adverse” reactions occur and why, and should tell us the number, location, and nature of controls we need.

I can’t imagine precisely the impact of technology on controls but I do foresee we will be managing controls, not just adding and testing them.

Imagine in your business an SAP HANA-based, cross-system analysis of all invoices processed last month anywhere in the world to scan for duplicate payments, coding errors, or other anomalies. Imagine getting the results in 30 seconds. What controls would you be able to eliminate in a procure-to-pay process? How would it impact on vendor selection and payment terms?

Apply the same tools to customer invoices and inventory management.

What “controls” can be eliminated? How will business performance be improved?

SAP HANA’s benefit is not just speed. SAP HANA allows fundamental change to take place.

That change will take place over time, but for now let’s turn to the 4 Quadrant diagram I introduced in my blog on the Three Lines of Defence. Let’s imagine the roles each Line of Defense will play in managing controls in the future.

Print

– See more at: SAP

Nice and Simple – 6 Super Sessions for SAPinsider

GRC

Financials

 

 

 

Fully refreshed and recharged after a slight break in event-related activity (see my earlier post regarding the SAPPHIRE NOW event), attention now turns to Nice in France, where the SAP solutions for Finance teams shall be heading soon to attend our next “major” of the season with the SAPinsider conferences. While containing a number of topic areas, my attention will be focused on two areas in particular, the Financials and GRC events.

I don’t know about you, but when attending business conferences I like to do a little bit of forward planning, so that I can get the most out of my time spent at the event – a little bit like planning a route around the Disney theme parks I guess, but with more time spent seated, rather than queuing and without all those people walking around in character outfits. But planning takes time, which many of us don’t have in abundance during our working hours, and so to help provide some focus I want to share my “ super six” sessions to see at SAPinsider, to give you a nice and simple start towards your event agenda.

6 Super Sessions to See in Nice

In selecting 6 sessions, I’ve kept things as simple as possible, focusing exclusively on customer case study sessions rather than the Keynote, or the Simple Finance, EPM and GRC roadmaps sessions which are all available too. But you can select these at your discretion at the SAPinsider website. Rather, I’ve chosen customer sessions because these are where you’ll get the inside scoop about implementing software solutions, from your industry peers who want to share their experiences with you. And in my opinion, customer stories like these are the most valuable of all the event sessions. So here they are my 6 customer stories for Nice:

  1. 16 June, 2.00pm: Cargill – large-scale finance transformation project
  2. 17 June, 8.30am: GlaxoSmithKline – rolling out SAP Risk Management across the organisation
  3. 17 June, 10.30am: Sonae Indústria – revamping controlling and corporate management reporting
  4. 17 June, 2.30pm: Gazprom Neft – using SAP BPC 10.0 to align consolidated and mgmt reporting
  5. 17 June, 4.45pm: Airbus – faster, simpler integrated financial reporting and planning
  6. 18 June, 10.30am: VCEAA – reducing segregation of duties conflicts

But of course that’s not all, and you certainly don’t need to follow the above sessions if you don’t fancy them – there are many more to choose from. But whether you’re interested in SAP Simple Finance, EPM or GRC customer stories, or want to hear from SAP on any of these topics, then you can build your own agenda to suit your needs.

If you’re in Nice this year, then I wish you a very successful and informative trip. I’ll be there too, so say “hello” if you see me. And I hope that my cross-Finance customer session suggestions in some way help to make your planning that bit more Nice and Simple.

6 Stories to Give You the Finance Buzz at SAPinsider

SAPInsider Financials Logo

It’s going to be a busy time this week for many of my colleagues and the visitors to SAPinsider Financials 2015 in Las Vegas, so I decided to give you my thoughts on some interesting sessions to see, if you’re attending, given that you’re spoilt for choice with such a comprehensive agenda. And I’m bucking the trend with this blog post – because instead of talking about products, I ‘m talking about customers and thought leaders, and in particular the stories that you’ll be able to see and hear at the event this week.

Excited yet? I am! And with good reason, because many valued SAP customers have decided to make the trip to Las Vegas to give an account of their experiences with SAP solutions for Finance…stories of implementation approaches, best practices, and where they have found business benefits.

So for anyone embarking on a software implementation project, or even just considering approaches to solving some of their finance department and process issues, these are key SAPinsider Financials 2015 sessions to attend.

Six in Focus – But Don’t Forget the Rest!

My six focus sessions are chosen not because I know the customer stories particularly well, but rather because they’ll give attendees a good flavor across a range of finance topics. And my apologies to the many other customers not listed here – whose sessions are equally as valuable – but I just couldn’t fit you all into one short blog post.

I would, however, encourage readers attending Financials 2015 to take a look at the many other customer-led sessions at the event this week, as well as those detailed here, just so that you select sessions that will be most relevant to you.

Ready to learn about some of the exciting sessions ahead? Then let’s go:

  1. Keynote address, TODAY, Tue 17 March at 8:30 am – Okay, it’s strictly an SAP-led session, but there’ll be a panel discussion in which thought leaders will be asked to give their view about challenges and opportunities facing CFOs. It’s sure to be an interesting discussion – and let’s face it, no-one wants to miss the keynote!
  2. Sun Products, Wed 18 March at 8:30 am – A session where you should learn some best practice advice on implementing credit, dispute, and collections management.
  3. Velux, Wed 18 March at 10:30 am – I really like the sound of this session, in which you’ll hear how Velux moved from a traditional to “beyond budgeting” approach.
  4. McKesson, Thu 19 March at 8:30 am – For anyone seeking advice on implementing SAP ERP Financials then this is a session for you!
  5. Bentley Systems, Thu 19 March at 1:00 pm – Hear how Bentley Systems automated and shortened the payment processing lifecycle with SAP Bank Communication Management.
  6. Telephone and Data Systems, Thu 19 March at 4:30 pm – This is one for those of you interested in financial consolidations, with particular focus on project planning.

Don’t Be Shy – Get Networking!

All of these customers are attending the event to share their knowledge and experience with you, and I know that if you have questions for them after hearing their sessions that they’ll be delighted to speak with you…so do take advantage of this in the event networking sessions.

And remember to also take a look at the full agenda, so that you can plan your sessions and make the best use of your time. I hope you have an interesting and informative week, and that you return to work buzzing with the excitement of the potential to put in practice what you have learned at the event.

Have a great week!

Simplifying Finance in an increasingly complex world – outlook on Financials / GRC 2015

SAPInsider Financials Logo

By Henner Schliebs, SAP. Originally posted on SAP Business Trends, 17 February 2015. Reposted with permission.

We all have read the new mantra multiple times: if we simplify everything – we can do anything. This holds true for the finance department more than ever, considering that the use of technology is key to enabling a real-time business process environment. There were some threatening results revealed in a recent study that the CFO magazine has published, like “80% of respondents would need easier to use technology if they’d wanted to meet their growth targets”. So, this latest shift in technology enabling true real-time processes will be the focus topic of this year’s Financials 2015 / GRC 2015 event hosted in Las Vegas in March (Wynn Hotel, 3/17-3/20, follow the discussion #Financials2015).

As there will be hundreds of sessions that show customer success stories, the latest and greatest in financial management, EPM, Analytics, GRC and Ariba solutions I would like to highlight the Simple Finance sessions so that you can build your agenda around those, especially given that any S4/HANA journey will start with Simple Finance:

  1. start with the keynote where Thack Brown will elaborate on the need for speed (aka real-time finance processes) and introduces some external thought leaders to the panel discussions around a modern finance organization. I won’t tell too much when mentioning that Thack will launch another important mile stone of Simple Finance to the public…
  2. one of the most compelling use cases of Simple Finance is the central journal, so this session lead by Carsten Hilker shows you how to non-disruptively start your Simple Finance implementation arriving at one source of the truth
  3. for those in need of a high-level introduction to Simple Finance I’d highly recommend Martin Naraschewski’s session about the roadmap to Simple Finance, where he will elaborate on the needs of a typical finance transformation initiative
  4. one thing that was highly anticipated by you all is more insight into Integrated Business Planning – your unique opportunity to natively connect EPM with your Simple Finance ERP system to allow planning, simulations and scenario modeling directly on your transactional data. Pras Chatterjee off course will show integration to the new Cloud for Planning solution as well
  5. new to the game is the Simple Finance Cash Management solution that is introduced by Christian Mnich, where he will give insights into how to better plan and forecast liquidity based on an integrated process leveraging your ERP / S4HANA system
  6. a dedicated session on the new Accounting solution will provide better understanding of the concepts of the greatest innovation since R/3 building the base for S4HANA. Stefan Karl will guide you through this
  7. want to learn how to get to Simple Finance? Join charming expert Birgit Starmanns and understand what to consider if you want to adopt Simple Finance including advanced predictive finance analytics
  8. join our partner John Steele at Deloitte when he talks about real-time finance processes and the role that HANA plays in this highlighting finance use cases like fast close, financial risk management or finance operations
  9. the experts from TruQua will deliver a thrilling session around the analytics that Simple Finance can provide in form of HANA Live content or via integration of SAP Analytics and EPM solutions. Dave Dixon’s presentation is a good example
  10. finally you’d want to learn about the fast close capabilities of Simple Finance where Stefan Karl walks you through how to become a world’s fastest closing company like SAP

Note there are many “hands-on”-like sessions on the Monday (3/6) as part of the Pre-Conference Workshops that deliver tremendous value for practitioners.

Please be sure this is just the Simple Finance top 10 – please be sure you also learn from customers how SAP Financial Management solutions helped them achieve targets.

Follow the discussion on twitter or facebook or SCN and please share your thoughts.

10 Things to See and Do at SAPinsider Financials 2015

SAPInsider Financials Logo

By David Williams, Head of EPM and GRC Product Marketing, SAP

We’re already well into 2015 and the first key event for the SAP EPM (Enterprise Performance Management) team, partners, and most importantly, our customers, is just about upon us. SAPinsider Financials 2015, hosted by Wellesley Information Services, and co-located with SAPinsider GRC 2015, runs from March 17 – 20 in Las Vegas. It’s one of the key annual events that features EPM-related content. Given there’s so much to see and do at the event, and I often get asked for an agenda of EPM content, I thought why not put together a list of 10 things to see while attending the event. Think of it as a checklist of don’t miss items/sessions. Here we go:

  1. Cloud for Planning, Cloud for Planning, Cloud for Planning. The latest and greatest cloud-based planning and analysis application has been available since February. Make sure to check out one of the many SAP Cloud for Planning sessions and demos to see why it sets a new standard for planning in the cloud
  2. SAP Business Planning and Consolidation 10.1, version for SAP NetWeaver. “BPC” continues to be one of the most widely deployed planning and consolidation applications on the planet. Discover what’s new in the latest release and see how BPC fulfills integrated business planning for Finance capabilities as part of Simple Finance
  3. Close to Disclose. Closing the books and disclosing results continues to be a highly-manual task for many. Discover how you can accelerate/automate the financial close to disclose in one of the presentation or demo sessions including a Jumpstart deep dive on March 16th
  4. Speaking of Jumpstarts, there are 6 Finance ones and these are a good way to get up to speed on subjects such as SAP Simple Finance, simplifying plan and report deign in SAP Business Planning and Consolidation, and the impact of big data on Finance and GRC security among others
  5. EPM solution center. Go deep into product demos with our solution experts across a range of topics including planning, consolidation and profitability analytics, while not forgetting of course the new SAP Cloud for Planning application
  6. Show floor demos. Have a seat and take a well-earned rest from all that walking around the show floor, while watching one of the EPM solution experts show you the latest and greatest product features
  7. Customer delivered sessions. For many the key attraction of SAPinsider is hearing our customers’ financial transformation stories, in their own words. In 2015 you can hear from Lexmark, Velux, Delicato, IDEXX, Telephone and Data Systems and Applied Materials among others
  8. Simple Finance. It’s bound to be a big draw, and so there’s a number of SAP Simple Finance focused sessions. But of course don’t miss the keynote address to hear about the SAP vision to help simplify finance
  9. Visit our partners. Why not take the opportunity to speak with some of our business partners at the event? This year you’ll find the event global sponsor PwC, premier sponsors EY, KPMG and Z Option, as well as Deloitte, itelligence and BlackLine among others
  10. Say hi to the SAP team. Really please do – we’d be delighted to meet you. There will be a number of our subject matter experts at the event that can discuss topics such as planning and financial consolidations

The complete agenda is available here. Safe travels to Las Vegas and if you’d like to meet send me a tweet @daveswilliams!

Is Your Company Ready to Tweet About Its Internal Audit?

Coffee-break with GameChangers

The role of internal audit is shifting by the second. No longer just a step in an overall business sanity check, this department is ready to become your company’s command center for risk – thanks to cutting-edge technology. During a recent SAP Game-Changers radiocast, panelists Paul Sobel, VP and chief audit executive for Georgia-Pacific LLC; Carey Oven, partner and leader for the internal audit transformation market offering in Deloitte and Touché LLP; and Bruce McCuaig, director of solution marketing for SAP solutions for governance, risk, and compliance discuss this burgeoning trend.

Move from manning your post to seeking opportunities

Sobel immediately tries to debunk the myth of the bean-counting auditor with no imagination, and Oven agrees. “I actually think internal audit can be very entrepreneurial. It can be very insightful and value driven because we have a very wide purview on business and what’s going on within our organizations.”

The need for innovation is definitely present. McCuaig describes a survey he conducted of about 150 auditors at the IIA International Conference in London. 54% of respondents believe that technology will fundamentally change how audit services are performed and measured – but only 14% said that the current audit management and analysis tools meet their needs.

So what types of tools could fill this gap? According to Sobel, it’s visual analytics in the form of dashboards. Instead of focusing on pure numbers, auditors must focus on ways to unleash the data and make it a powerful tool for management.

McCuaig concurs. “I haven’t seen anyone getting on a corporate jet reading a 13-page audit report. It’s important to distill down the information to a dashboard to help them drive insights. But simplicity takes a huge amount of work.” Such work can’t be completed without tech-enabled systems in which management must be willing to invest.

Outlining the responsibilities of management vs. the audit

As the role of the audit morphs, it becomes ever more important to make the distinction between what role the audit plays and what role management must play.

McCuaig believes it’s time to stop counting the number of audits performed and start measuring the amount of knowledge they create. As the role evolves into a command center for risk, he looks forward to redefining the role of the auditor as one that can be proactive rather than simply reactive.

Sobel emphasizes that management must determine the organization’s risk tolerance in order for the audit to provide maximum value. No company’s risk can be completely eradicated, so how much risk can a business tolerate? Management owns risk and must answer this question so auditors can focus on aspects other than risk – adding more value to their role and the company.

If risk tolerance is increased, “We start to pull away from the lengthy and laborious text-based audit reports and start to get into those quicker messages – whether it’s literally Twitter or something else,” says Sobel. “I think our value will come to fruition more quickly than perhaps it does even today.”

To learn more about how audit is becoming a command center for risk, listen to the full radiocast.

Is It Time for Two CFOs?

Coffee-break with GameChangers

Laurel and Hardy. Lucy and Ethel. Fred and Ginger. Dynamic duos can have quite the impact – far more than one person alone. Is it time for the office of the CFO to adopt this mentality? Finance insiders would say so, especially as they try to force the tipping point for moving operations to the cloud.

During a recent SAP Game-Changers radiocast, panelists Joshua Greenbaum, principal and founder at Enterprise Applications Consulting; David Dixon, partner and principal at TruQua Enterprises; and Neil Krefsky, senior director of product marketing for SAP Cloud at SAP, weighed the advantages of splitting the CFO job into two parts – one for compliance and one for innovation.

Why? “So we can ignore the former and stop driving financial innovation based on what a regulator thinks is innovative,” quips Greenbaum. He asserts that the office of the CFO is one of the most conservative places in the business. Until the CFO can get on board with and drive innovation, finance will continue to lag behind in cloud adoption.

Monitoring cloud turnover

Krefsky sees cloud adoption in finance happening in a sort of domino effect. He explains, “I think it’s going to be an evolution…as they [finance organizations] see adoption uptake, that will encourage them to uptake, but [who] is going to dip their feet into the water?” The water might be more enticing once finance organizations realize there is no tradeoff between staying compliant and moving to the cloud.

Companies of all sizes are now moving to the cloud, for reasons that include:

  • Greater accessibility
  • Lower cost
  • Innovative technology

The general success of SMEs bodes well for global corporations that might be reluctant to move to the cloud. Adds Dixon, “It’s just a tipping point…and, as more people adopt it, [there] will be more [of a] trust level. But really, I think it’s IT that needs convincing, because I think finance will just turn to [the] IT organization and ask, ‘Is it trustworthy? Is it safe? Is it secure?’”

Simplicity vs. complexity

Part of cloud adoption is walking a tightrope between simplicity and complexity – balancing the need for user-friendly solutions that facilitate self-service with the complexity of integrating your existing systems across a variety of different applications.

Managing this dichotomy would, theoretically, be easier with two CFOs in place. Greenbaum agrees, remarking that, “For innovation, I would want someone from the technology side – someone with a minimum of grey hair and a lot of crazy ideas. I think they need to be counterbalanced by the adult supervision from the compliance side, but I think we need a little bit of fresh blood in there.”

Do you think there is room for co-CFOs in the finance world? Listen to the full radiocast to learn more.