BPO Thought Process

BPO Thought Process

Opinions expressed on this blog reflect the writer’s views and not the position of the Capgemini Group

Is It Time to Move to a Centralised Approach to Compliance?

Category : Risk and Compliance
It seems that Governance, Risk and Compliance in business has rarely had a higher profile. As it has become more newsworthy, business leaders have also been left more exposed than ever before.

Unsurprisingly, the cost and complexity of compliance has risen too, as organisations try to keep up with new legislation and plug the gaps in their existing processes.

Those are precisely the pressures that led us to develop a new, integrated approach to compliance. The outcomes of this globally standardised operating model are already becoming clear: greater control and real-time visibility at the centre, and the added benefit of significantly lower service costs.

Compliance may seem like an unusually ‘risky’ function to outsource. But I would argue that the need for guaranteed accountability and global consistency actually make outsourcing the only choice.

Centralised Control

For an international company, the compliance challenge is spread across different cultures, legal frameworks and industry subsectors. In addition, the different business functions will often have developed their own siloed approaches to compliance.

This can lead to a situation where Finance, Sales, and the Supply Chain, for example, are all addressing their own requirements in different regions or business units, even though there are obvious overlaps. At best this is inefficient. At worst, serious inconsistencies and patterns can go unnoticed.

The Silo Challenge

In our experience the transition to centralised control involves taking a more holistic approach. Teams in a ‘control centre’ take ownership of key risks that extend across the different functions. The tools we use can cover horizontal and vertical compliance issues. This means we can monitor certain regulatory risks across the whole business, or choose to drill down into just one, for example, the Supply Chain

The Holitstic Alternative

Once you reach the stage where responsibility is in one place, you can design and implement an integrated control framework that mitigates the risk whilst minimising the cost. This is enabled by one global technology solution to manage the business data and to automate reporting.

However, to get to this stage, and make the right decisions, demands a very special set of skills and change management capabilities.

Continuous Monitoring

Perhaps the most significant change in compliance is the shift away from periodic auditing to automated, continuous monitoring. The top performers have already made impressive progress here.

Across their organisations, they are able to track the kind of patterns and anomalies that normally spell danger, for example, a sudden spike in customer sales reversals, or an unusually high rate of early payments. The central team can then investigate these quickly and recommend action following the agreed standard procedures.

Global control scores help monitor and compare key performance indicators for compliance across the whole business so that an underperforming region or division really stands out.

Unsurprisingly, the cost reduction benefits of centralised, continuous monitoring are already proving impressive, and not just because it allows organisations to reduce and consolidate the number of people working on compliance.

It also makes auditing faster and less disruptive, because the evidence is instantly accessible. Furthermore you can actually get far more value and insight from an audit this way.

Action, Not Just Reporting

One of the main challenges is to ensure all this visibility translates into action – as opposed to simply becoming a ‘black hole’ of reporting. After all, some of the worst compliance failures of recent years were flagged at some point internally, only to be ignored.

It is not good enough just to automate against a background of poor processes or culture. We need to feed back to operating countries, asking the probing questions: why are there compliance failures? How do you translate reds and ambers on a dashboard into next steps? Who takes responsibility and ownership for ensuring this happens?

Business process outsourcers now offer a genuine alternative in this role, and we are already seeing this reflected in the work we do.

Risk and compliance will always be vulnerable to corner cutting and the erosion of good practice by people under pressure to hit targets. So transferring ownership away from the business to a team of people who are focused entirely on ensuring good governance (contractually obliged, in fact) makes sense.

About the author

Christopher Stancombe
Christopher Stancombe
2 Comments Leave a comment
I am truly benefited with more insights from this article. I have personally seen how a large corporation is benefited with this approach and as Capgemini we have brought loads of value add to the corporation with whom we are working on this space. As you rightly said, reports generated needs to be actioned else it will remain one among the thousands of reports that get generated.
Continuous monitoring and control monitoring are two components of the GRC solution we have developed that are quite attractive to clients and very effective. We are able to provide this solution (for the IT environments) to an external client and an internal client in the last few months.

Leave a comment

Your email address will not be published. Required fields are marked *.