By Thomas Frenehard, GRC Solution Management
Originally posted on SAP Analytics, 23 June 2015
Last week, SAPinsider held its GRC 2015 event in Nice, France, and it was energising and fast-paced! For those who couldn’t attend, I thought I’d share with you some of the great discussions I had with customers and also one of the announcements made that should be of interest to SAP’s GRC community.
Do More With Less
Of course, this has been top of mind for many companies with the recent economic turmoil, where resources are scarce and investments are most often reduced to vital activities. But every customer I spoke with mentioned that their management is now asking them to increase their regulatory and operational efficiency coverage with “optimized options”. In essence, to do more controls with fewer resources.
It was motivating to hear feedback from customers who have already taken this path and leveraged their internal audit department to help. This showed that a true collaboration between the compliance team and the internal auditors can lead to the set-up of a sound and very efficient internal control system.
Three Lines of Defense
The three lines of defense was definitely THE hot topic at the event. And I could see the acronym 3LOD gain more and more traction, day by day. Many companies were interested in discussing how to align their operations, compliance, and audit departments. Interestingly, IT and business departments both mentioned this as a key (process) roadmap item for them in the near future. For business, the intent is to achieve the assurance level required by their executives, and for IT departments, the rationalization of the software landscape that this approach would bring was a definitive winner.
Operational Risk Management
Here I’m not referring to the banking Operational Risk Management (ORM) approach, but to the intent to do risk management (identification, analysis and mitigation) at the operations or asset level, while still being able to integrate the results in a wider Enterprise Risk Management framework so that a unique reporting of the company risk profile can be displayed at any time – without requiring lengthy manual risk consolidation.
It was interesting to hear the different opinions on what ORM is for each sector as there doesn’t seem to be a single – widely adopted – definition or approach. This is definitely one of the key points I took home that I’ll need to think about this summer!
Congratulations are In Order!
Last but not least, congratulations to EY and Integrc, two of our great partners in the area of GRC who have decided to combine forces. I wish them all the very best in the process! In conclusion, if you’ve never been, Nice is a lovely city, filled with history, beautiful landscapes, and delicious food. Associated with a great event, I have to admit that my week was far from being a punishment.
Note from the editor:
Thank you, Thomas, for this succinct wrap-up of GRC focus topics and discussions at the recent SAPinsider event in Nice.
Should readers of CFOKnowledge want to learn more about the GRC or Financials events, here are a few links to some excellent blogs from my colleague Derek Klobucher. I think you’ll enjoy them!