In last week’s blog ‘Digitization to enable continuous assurance!’ has been described what a digitized company looks like, providing TRUST on continuous base to external and internal stakeholders. PwC and Software AG are supporting their customers in improving maturity towards Continuous Assurance. The customer feedback in the international round tables so far were very positive. The key question is now how Software AG and her implementation partner PwC, can help enterprises in their digital Transformation gaining the benefits of Continuous Assurance.
What Transformations needs to be done?
Move from retrospective to predictive
In the past, control activities were executed at set intervals. As of today you need to be on top of things and you need to be NOW! Business decisions are made on a continuous basis, meaning that your monitoring and control reporting needs to be as well. A shift in focus is needed to start viewing your GRC activities as enabling your success in business performance and strategy execution. Risk and control information should not only be backward-facing but forward-looking and predictive as well.
Move from financial control to integrated business control
Where Risk reporting has grown reactively to each new risk and regulation, a rethink is required. Dashboards should be aligned to your business objectives, be sufficiently adaptable to emerging risk information but also stable enough to allow an underlying risk information reporting structure to be built with confidence. This includes moving from control of financial information only, towards integrated business control based on the information needs of all your stakeholders, both internal and external through a continuous dialogue.
Move from manual (classic) to continuously automated
Many organisations still rely on human efforts for their control environment, when in fact governance, risk and compliance approaches can be significantly automated and also provide more substantial data analysis. True comfort requires assimilation of large amounts of risk and compliance data. Fortunately, the use of process automation and continuous monitoring is far beyond the early adopter phase now.
Move from reactive to proactive
The causal factors behind ineffective risk information processes (increasing regulation and changing market conditions) are here to stay. A steady-state risk information framework is unlikely to address emerging risks and will also become sub-optimal if it fails to embrace new techniques. Effective risk information comprises effective capture of known risks, continuous review of tools and techniques to capture this information more timely and efficiently and includes mechanisms to best identify potential emerging risks for inclusion in the evolving risk framework. Big data solutions and detecting events (also outside the company) are key enablers here.
What you gain
- Stay on top of things, regardless of the size of your organisation. Decision making will be on a full disclosure basis, and by default, doesn’t need any second-guessing as it can be fully relied upon;
- Enhanced levels of assurance for all stakeholders, external and internal;
- A more effective as well as efficient risk management and internal control environment;
- Ultimately, you may even never have to think about risk and control organisation but have TRUST in your technology provider Software AG and implementation partner PwC.