
Governance chaos

by Dennis Howlett on March 17, 2008

Last week I attended a conference on governance, risk and compliance that was in part organized by SAP. It was an illuminating experience about which I will write more later. Sadly, the general impression I came away with was one of disappointment.

Two great sessions, one covering the business value of going ‘green,’ the other dealing with corruption, were poorly attended. I don’t understand why this should be so. On the one hand there is a great deal of attention being paid to green issues and we are starting to see public interest in the extent to which corruption in business impacts the lives of others. On the other hand, it is clear large companies are in the very early stages of understanding the concept of risk. Holly Roland, VP SAP global marketing, made a telling point: “If you don’t have controls to track operational risk then you’re not in a position to know what risks you face,” the implication being that companies don’t have a strong grasp of the need to track risk.

In the same discussion, my colleague Vinnie Mirchandani said that he sees SAP as more closely aligned to transactions than to the higher level risks that impact those transactions. Vinnie’s position opens up further discussion when taken in the context of recent events. Witness for example Prem Sikka’s dismay at the extent to which Big Four auditors are failing:

Why are we paying auditors millions of pounds in fees, especially as audit reports seem to have a shelf life of less than two weeks, and even auditors themselves apparently lack confidence in their own work?

Despite the rising financial gloom, auditors were silent on the subprime crisis. Now, in the middle of the credit crunch, they are found to have issued audit reports of little value.

Or what about Francine McKenna’s telling account of the lack of quality controls:

Go here for a podcast of the discussion. In it you’ll hear a panel describe how each of their umbrella firms does or doesn’t conduct inspections of affiliate firms all over the world (the Big 4 does, the next tier does or doesn’t depending and the next, next tier firms do not, depending on the local firms inspecting themselves and reporting back.)

Governance, risk and compliance can be a complex topic but if companies don’t have the support of their auditors who should – but apparently don’t – act as gatekeepers for even the most basic forms of business behaviour then to whom will industry turn?

I’ve suggested that while GRC looks complex, the broad issues are relatively simple to understand. I believe that software vendors like SAP are in a better position to start the action ball rolling than the auditors to whom they’d usually turn. That’s because they see the problems across multiple dimensions in ways that auditors cannot.

It’s clear that the Big Four have plenty of problems of their own to solve. Until they deal with their own quality credibility issues, it is difficult to see how they can hope to be seen as credible in offering GRC solutions or consultancy. SAP (and perhaps others) are not tainted in the same manner. That, combined with their ability to deploy hundreds of engineers to code the process issues, makes them a solid candidate to get the job done. All they need is the confidence to find the right approach, something they’re currently debating internally.

  • Thanks for your comments Holly. My sense from speaking with a number of SAP execs last week is that GRC represents a solid opportunity to not only significantly grow the business, but also one around which to draw together the many threads that GRC implies into something that has genuine strategic value that positively impacts the bottom line. In other words a win-win-win, provided it is undertaken as a strategy and not just as a series of point solutions.

    That's where I think the broader debate needs to start, though I appreciate the difficulties of articulating something where the connections that exist between issues and the inherent risks of potentially competing initiatives are not well understood.
  • Hi Dennis - I enjoyed our intense discussion at the conference last week. I agree that companies need to look to more automation of business processes and increased risk and control monitoring as an antidote to much that ails them. I should note here that the business of providing software for this very purpose is booming at SAP, so I think that we'll see positive trends in the years to come.

    It's disappointing to see that only a few people attended our sessions on anti-corruption and sustainability, but this may be explained to some extent by the fact that we're in a new market -- never before has a software company been able to pull together the wide array of topics included under the governance, risk and compliance banner. Sustainability is a new topic for this crowd and the many technical sorts which attend this topic may not immediately see the connection between their segregation of duties needs and helping their companies with green initiatives.

    I came away understanding that we're in a marathon, not a sprint, so the race will only be won with persistence, determination, and patience.