
    1. Former Member
      Things come at a cost – quality, compliance, pretty much everything that matters. I am keen to understand how one decides how much compliance should be built into a process. For example – is there a benefit in putting an expensive compliance check in a low value transaction? Probably not – but what if the volume of these low value transactions is very high?
      1. Former Member Post author
        @vijay – hate to say it but you’re taking a defensive position where BPX’ers should be promoting value delivery. If you’re in Berlin I’d be very happy to explain how the ESME team came together for that reason and how we continue to deliver value.

        I have a session 2-3pm 15th Oct in Lounge 1 to explore these issues. As they say – bring it on – this is an important debate. It’s all up for discussion though I’d like to think that BPX’ers will go away with action AND reference points. Regardless of their area of expertise.

        1. Former Member
          I guess we all have our different view points, Dennis. Now that you have mentioned ESME as the answer to two very different questions I posed, I will go read all of your blogs on that and see why I am not understanding these issues correctly.

          Unfortunately, I do not have plans to attend the Berlin event. But I will try my best to attend a future event where you will be presenting, and discuss this in person. I am very keen to understand the value (as in benefit predictably exceeding cost) and scalability (as in how we can predict the result that your approach will work in more complex enterprise size problems) of the approach you are presenting.

          1. Former Member Post author
            aaah – I see what you’re saying. OK – cost/benefit should always be assessed but should only be part of the equation.

            There is a concept of ‘cost of reputation’ where you expend on a process because it safeguards your reputation rather than designed to discover fraud and error. That’s much harder to assess from a direct benefit perspective but is ‘do-able.’ It is associated with risk reduction rather than compliance.

    2. Former Member Post author
      A valid point. My riposte. If that’s true then why do we continue to see a succession of restatements? What could BPX’ers offer as alternative solutions that strike at the heart of business imperatives?
  1. Former Member
    Hi Dennis,

    I picked up your message on GRC. Yes, the actual FSI crisis has to do with auditing, but not only. In my series of contributions on business architecture I tried to indicate other areas of improvement within FSI. From a “workflow” perspective there are large benefits to be expected. The 5th contribution contains the links to the other 4. Here is the link: Business Architecture (5): big picture and roadmap

    Two weeks ago (after the Lehman bankruptcy) I put some other lights on FSI in the blog on “people and IT behind the FSI crisis”.

    In the industry sessions in the clubhouse of TechEd Berlin I’ll have another session on “sustainability and csr”. The setup of that session will be different from the Las Vegas case due to feedback on different channels. To read more: Check out the industry recordings from TechEd Las Vegas!

    I’ll arrive in Berlin on Monday 13:00 and will stay till Thursday.

    Have a safe trip to Berlin, kind regards Paul

  2. Former Member
    Hi, Vijay!

    Your questions, if I frame them separately, are:

    1. How much compliance should be built into a process?
    2. How to decide?

    The premise is: Compliance costs.

    My first view is that the cost of compliance must be calculated and compared with benefits, direct and indirect, both in the same terms of currency.
    Effect of non-compliance also may be calculated, taking all factors - direct and indirect - and compared with cost of compliance.
    Compliance generally means 100% in a civilized society.
    But certainly one is free to choose the level and be ready to face the consequence too in case of a contingent situation.

    My second response is a bit elaborate!
    Requirements of compliance are related to HR, Commerce, Environment, Occupational Health, Safety, Quality, Pricing, Reporting and so on.
    The requirements are administrative, technical, financial in nature.
    The requirements are different depending upon the sector one is in – mining, pharmaceuticals, manufacturing, transport, hospitality, IT and so on.
    The companies are small, medium and large.
    They are public and private.
    Companies are start-ups, struggling, steady and soaring types.
    The requirements are regional, national and international requirements.
    Compliance in a company is addressed to unskilled workers, skilled workers, supervisors, managers, general managers, directors, CEOs and the Board.

    There are several processes in a company – securing license to operate, recruitment process, procurement process, sales process, production process, quality assurance process, verification of health of employees, process for accident investigation, scrutiny of a fraud, annual reporting process and so on and so forth.

    Every process is governed by a rule, requiring compliance. The rules are made with a purpose.
    A company is legally treated as a person. In addition to having rights, the company is responsible to comply with the rules applicable.
    Certainly whether to follow and how much to comply is a function of convention, convenience, contingency, level of penalty, extent of incentive, one’s value system, trade off and so on.

    For example, in a process industry if emission level is required to be a certain level and if the logic has to be set in the monitoring instrumentation, what must be prescribed? Less than the stipulated or same or more?
    In a recruitment process, if there is a requirement to appoint differently enabled persons and there is provision for three attempts, shall we postpone till the third attempt or fill it up in the first instance?
    When a quality check is carried out, how much to comply with the rules?
    If an accident investigation has to be carried out, how much compliance with requirements is required?

    Such questions may arise at a particular time and may get different answers depending upon the context.
    But when one specifies the quantum of compliance it would generally be 100%.
    That it costs to comply may not be factored in while making a specification for all time.

    Thirdly, from the above question it appears that ‘Compliance’ requires exposure to BPXs!
    This is my humble view.

    Sam Anbazhagan

    1. Former Member
      Hi Sam,

      That was an elaborate reply – thanks for taking time. But, from your reply itself – isn’t it evident that 100% compliance is a rather costly affair?

      Let me try to explain with a simplified example. Let us say that claims from a certain region are more subject to fraud than anywhere else in the world. Let us say one in 5 claims is usually fraudulent. Average claim is for $100, and there are say 10 claims daily in this region. Average cost of auditing each claim is say $50.

      In this case 2 out of 10 claims are risky. If you audit 100% before payment – you incur a cost of $500. Assuming you caught the 2 bad ones – and don’t pay them, you saved $200, but it is still costly since you spent $300 and the benefit was $200. Now if you had only randomly audited 2 out of 10, over a period of time – you would find the fraudulent cases most of the time – but there is a small chance that some fraudulent claims will go undetected.

      So is it still worth attempting 100% compliance? And who bears the cost of compliance? Most if not all of it will get passed on to customers in some form. If it is not, then the shareholder is the one who suffers. Either way, who is benefitting?

      There are definitely cases where 100% is the way to go. I would think anything that affects the life and welfare of people significantly – pollution, disaster recovery funds utilization etc where the cost of compliance is not the right decision criterion. But not all compliance initiatives fall into this category – and we need better rules in identifying the suitable compliance rules in each situation.


      1. Former Member
        Hi Vijay,

        Cutting a long reply short I would like to say that I did not mean compliance is a costly affair.
        In fact I am working on ‘Going Beyond Compliance!’

        My basic premise is that self governance is best.
        If one is not allowing the rules to chase the company, the company would be at ease to concentrate on things of higher value and gain much more by spending time creatively.

        In your reply you have arrived at one criterion already. Working along the same lines you would be able to arrive at other guidelines too, hopefully.

        Complying less than 100% would put the company at risk, maybe low, medium or high. With this knowledge one may specify any level of compliance, but over a period of time 100% compliance would seem safer, learned iteratively.

        All the best!

        Sam Anbazhagan

  3. Former Member
    Hello Dennis,

    One area of compliance you have not discussed is tax in general and VAT compliance specifically. In the EU a corporate taxpayer has on average about 40% of its cash tied up in VAT (20% of its turnover and 20% of its spend). Any errors and non-compliance can add up very quickly to thousands and millions of Euros in penalties, assessments and lost profits. Unlike other business costs VAT penalties are a direct hit to the bottom line. Conversely, any VAT savings are a direct add to the bottom line.

    Will you address in your session how SAP GRC can help with managing and controlling VAT compliance and its related costs?

    Best regards,


