Understanding, experience and technology for success
Leverage the platform-based approach to streamline enterprise-wide GRC programs
During the past few years, the global finance industry has seen an unprecedented surge in regulatory requirements, forcing a greater focus on the way organizations manage risk, especially financial risk. Regulators and credit rating agencies are demanding more transparency. At the same time, stakeholders and senior management are pressing for enhanced business value. Most firms have typically created fragmented and silo-based risk management and control programs. These siloed risk management programs are, however, not scalable; the technology supporting them is insufficient; and they do not merge into a common framework.
Recognizing the virtues of centralized GRC models, several forward-thinking institutions have already launched convergence efforts - integrating management of risk, compliance and control processes. The transition from traditional silo-focused systems to a holistic approach has plentiful benefits – streamlined risk and control programs; reduced input of time and resources; an eased burden on corporate control units, such as internal auditors, compliance managers, and risk managers; and multi-dimensional risk information for business intelligence. The endeavor, however, requires a well-communicated vision with clear roles and responsibilities. The need of the hour is a GRC solution that provides a clear and unambiguous process for Governance, Risk and Compliance, and delivers a single point of reference for the organization to carry out these distinct yet entwined processes. Such a solution is expected to synergize risk and compliance processes, leading to reduced cost and higher efficiency.
According to a survey, worldwide spending on GRC-related technology and services is expected to increase by more than 7% in 2008. The report, which surveyed 420 companies in the U.S., Germany and Japan, holds that demand for GRC services and consultants will rise nearly 22% as companies look for outside help in crafting their risk management strategies.
MetricStream offers the industry’s most advanced and comprehensive solution designed to meet the GRC needs of the financial services department. The solution is based on an integrated ‘Enterprise Compliance Platform’ (ECP) for successfully managing risk and meeting regulatory requirements while lowering the associated costs. ECP, a proven infrastructure for building GRC applications, provides the core services to automate and streamline GRC processes.
This paper describes the challenges faced by the financial services and banking industry while managing Governance, Risk, and Compliance separately. It details GRC tools and strategies, and finally discusses how MetricStream addresses some of these core issues.
Risk Tools and Methods
Risk Maps: Summary charts and diagrams that help organizations identify, discuss, understand and address risks, including financial risks, by portraying sources and types of risks and the disciplines involved/needed;
and Self-Assessment to identify and assess risks; and
The operational environment for today’s financial services companies has never been more challenging. Companies are grappling with regulatory compliance requirements, market volatility, economic downturn, and industry consolidation as they face pressure to drive revenues and increase efficiency. Companies constantly look for better ways to manage and monitor compliance and control processes across the enterprise, eliminating any deviations and errors as well as redundant activities. Despite the growth of various technologies, finance managers continue to face the challenges discussed below:
Most financial institutions are now looking to initiate a multi-disciplined risk convergence process - aligning and consolidating certain control group responsibilities under a single point system. Implementing such a change, however, can be daunting. Many well-intentioned corporate initiatives fall short. While defining the vision, it is critical that all aspects of the current risk and control management related frameworks are considered.
Building GRC Framework for Financial Services
While there is no ‘one-size-fits-all’ approach to integrating GRC, most risk experts expect that the GRC framework should not merely lead to compliance; it should also provide financial institutions with mechanisms to better understand and manage the nature of risk. A robust GRC framework is made up of the following components:
Risk Governance: It is essential that management provides clear guidance on risk appetite or tolerance, policies, and processes for day-to-day risk reporting and management.
Structure: When designing an integrated GRC structure, the organization’s overall risk scenario serves as a guideline. This includes laying down a hierarchical structure that integrates the risk management function into existing strategic management and operational processes; leverages current risk processes; capitalizes on existing capacity and capabilities such as communications, committee structures, and existing roles and responsibilities; and establishes a standard risk reporting format for business risk reviews.
Implementation: An ideal integrated risk management program enables organizations to efficiently identify, assess, and report risk-related information through different sources of information such as risk assessment, risk and control self-assessment, loss data collection, and key risk indicators. Comparing these different sources of information on a consistent basis makes it possible to carry out risk-audit activities, assess risks, draw more powerful conclusions, and prepare recommendations for risk mitigation. A few important elements to be considered are:
Responding to Risks: When a risk event is identified and assessed, a decision is made concerning which response is appropriate for a specific event. So the next step is responding to the identified risks. This step involves setting desired results by defining objectives and expected outcomes for ranked risks; identifying and analyzing options to minimize threats and maximize opportunities; choosing a strategy to apply decision criteria; and applying the precautionary approach/principle as a means of managing risks.
Ensuring Continuous Risk Management Learning: Continuous learning is fundamental to more informed and proactive decision-making. It contributes to better risk management, strengthens organizational capacity, and facilitates integration of risk management into an organizational structure.
The MetricStream solution is designed to support an integrated Governance, Risk, and Compliance framework within a financial services organization. The MetricStream Compliance Platform becomes the nucleus of a corporate governance ecosystem, coordinating all governance, risk and compliance activities throughout the enterprise via a single management system. The solution offers the following capabilities.
From MetricStream's GRC framework discussed above, it seems clear that GRC initiatives are moving beyond static, compliance-focused activities to more proactive and timely risk identification and issue resolution steps. The next section talks about the key benefits that accrue by virtue of embracing MetricStream's holistic GRC solution.
Financial organizations today need a systematic approach to defining and managing GRC initiatives. The MetricStream solution has enabled leading corporations in diverse industries to ensure a transparent and holistic view of all GRC-related activities across the enterprise. By integrating these processes, the MetricStream solution brings tangible improvements in the company’s understanding of its risk profile, while easing the business-line burden and the cost of compliance. While direct cost savings are significant, indirect savings are far greater.
The current economic downturn has turned the spotlight on financial companies around the world, which face the challenge of managing GRC in a holistic and strategic manner. Most financial organizations today strive to establish risk and compliance architectures, develop risk intelligence, and implement GRC platforms, as well as centralized communication and training on corporate policies and procedures.
MetricStream brings you the best-in-class GRC domain expertise that will enable you to achieve the goal of managing GRC with confidence. The solution provides an integrated framework for deploying effective governance and risk management processes that address changing business needs and enhance the ability of banks and financial institutions to react rapidly to adverse events. The solution ensures effective compliance, creates opportunities for cost savings, brings operational efficiencies and, above all, gives the true status of a company’s exposure to risk.