Skip to Content

Post financial crisis GRC: what is it likely to require from BPX’ers?

As I write this post, we don’t know what the US reaction to the amended Wall Street bailout package will look like. The answer is expected to come this evening Eastern Time. What we can be sure of is that in the immediate post-crisis period, there will be a fresh round of regulation and oversight that is likely to spill over into many jurisdictions. That has important implications for GRC which has been an important aspect of BPX life the last few years. The question then comes, what should BPX’ers be thinking about now as the impact of government decisions and market reactions trickle through the various economies?

On 15th October, I will be hosting a session at TechEd Berlin to discuss this topic. Right now I am not wholly clear in my thinking so welcome all the input I can get. As a teaser and a way of stimulating thought around this topic I’m using this blog post to throw out a few thoughts and ideas:

  • BPX’ers tend to focus on the execution of what they believe is best practice, thinking mostly about the process components and how they fit together. Given the turmoil and so called ‘Black Swan’ events of recent times, is this entirely appropriate? Should we not spend more time focusing on the business issues themselves and articulating how they are solved?
  • The other day I had an interesting conversation with Ross Martin from Sabrix. This is a company that specializes in providing indirect tax management solutions. In short they make sure that regardless of the jurisdiction in which you trade, they will help keep you on top of the rules that govern which taxes need be applied. They are also an SAP partner. Ross made an important point when he said: “You can bet that governments will now try and tax anything that moves,” implying that government bailouts will use compliance testing as a good source of revenue. What else might BPX’ers anticipate and what is an appropriate response?
  • I am of the opinion that audit as we know it has failed. I am not alone in this view. That suggests our efforts to document controls have been less than successful. One reason could be that people literally dialled down risk thresholds. Another might be that people were able to walk around process steps. Whatever the answer(s), we need a fresh approach that concentrates on thinking about ‘controlling the controls.’ But how?

Some BPX’ers may consider this change of emphasis which I am suggesting as something that represents new challenges. I prefer to think of it as opportunities to add business value in the pre-process implementation (or amending) phase.I also see it as an opportunity to collaborate more widely with interest groups and partners in the ecosystem.

If these topics are of interest then please drop by and enter the conversation. There is much to explore and much to leaern.

UPDATE: I’ve added an extra session to the TechEd schedule that extends the initial session to a full hour on 15th October, 14:00, Lounge 1.Thinking more about the persons to which this will appeal, I’d encourage anyone engaged in financials, BI and strategic analysis to attend.

1 Comment
You must be Logged on to comment or reply to a post.