Four Strategies for Enabling Innovation in the Face of Risk and Compliance. By John A. Epperson and Clayton J. Mitchell

Similar documents
For a Smoother Tax Provision Close, Evaluate Processes Today

The Strategic Potential of Internal Audit

Data management meets the C-suite

Effective Risk Management With AML Risk Assessment. January 25, 2017

Enterprise risk management for consumer products companies

Internal Controls Dealerships Should Have but May Not Have Thought About

Risk Management Strategy

Leveraging IT risk management to boost competitive advantage

Operational Risk Management (#DOpsRisk) Solutions suite

An intelligent approach to unlocking value in service delivery transformation Focus on risk from the start

Crowe Activity Review System

Miles CPA Review: BEC Q Updates for 2017 Edition

CLAconnect.com/creditunions. Impact the Future of Credit Unions

Extended Enterprise Risk Management

The people dimension of amalgamations. Machinery of government The people dimension of amalgamations. Three part series

ISO Revisions. ISO 9001 Whitepaper. The importance of risk in quality management. Approaching change

Risk Advisory Services Developing your organisation s governance for competitive advantage

RELATIONSHIP MANAGER SCORECARD

CHAPTER 4 PRODUCT DEVELOPMENT LIFE CYCLE

Embedding Productivity Disciplines:

Getting Real About Creating a High-Performance Culture

Increasing the Intensity and Effectiveness of Supervision

SMG BTS WHITE PAPER. New Economy Leadership WHITE PAPER. SMG Strategic Management Group, Inc. 1

Trends Shaping the Bank of the Future

The future enterprise. A transformation road map for the automotive organization

Your unique family, our unique approach.

RSA ARCHER MATURITY MODEL: AUDIT MANAGEMENT

POSITION DESCRIPTION KEY RESULT AREAS

Cultivating a Risk Intelligent Culture A fresh perspective

Visionary Leadership. Systems Perspective. Student-Centered Excellence

Internal audit insights High impact areas of focus

Enterprise risk management Protecting and enhancing value Advisory

Digitaliseren van risico management

Framing the future of corporate governance Deloitte Governance Framework. Center for Board Effectiveness

Internal audit strategic planning Making internal audit s vision a reality during a period of rapid transformation

How Will Your Bank Thrive?

Advisory on UNESCO s Enterprise Risk Management. Internal Oversight Service Audit Section. IOS/AUD/2016/05 Original: English.

Countdown to Day One Closing the Gap Between Due Diligence and Acquisition Integration

Resetting horizons Global Human Capital Trends 2013 Technology, Media & Telecommunications Industry

Presented by David Bischof SIOPSA 2016

Mitigating compliance risk Implications for global supply chains

A Strategic Approach to Bank Fraud

Turning Strategy Into Action: Why Many Organizations Are Not Fit to Deliver

Reimagining IT: Leading technology organizations into the future The Dbriefs Technology Executives series

Inside of a ring or out, ain t nothing wrong with going down. It s staying down that s wrong. Muhammad Ali

How can you improve your ability to identify, respond and adapt to significant operational interruptions?

The Future of Sourcing Begins Now

Outsourcing transparency evolution

SOLUTION BRIEF RSA ARCHER AUDIT MANAGEMENT

Welcome to the postmodern era for public sector ERP

Revenue synergies in acquisitions In search of the Holy Grail

Bringing the power of the digital workplace to life. A guide on how UK businesses can drive digital adoption

A guide to the FMA s view of conduct

What Makes a Regulator Excellent?

Risk culture. Building great organisations and growing your foundation for success CAPABILITY STATEMENT 2016

Our Corporate Strategy Information & Intelligence

Crowe Activity Review System (CARS ) for Loan Review

KEY SUCCESS FACTORS FOR MAJOR PROGRAMS THAT LEVERAGE IT. The 7-S for Success Framework

IT Audit at Brown. A collaboration between the Information Technology and Internal Audit Teams

Proposed Attestation Requirements for FR Y-14A/Q/M reports. Overview and Implications for Banking Institutions

Volatility: the new reality Synchronize your supply chain planning to capture value in a volatile world

2017 Deloitte Renewable Energy Seminar Innovating for tomorrow November 13-15, 2017

Section 1: Background and Objective of this Policy. Section 2: Primary Aim for Mizuho s HR Management

Energy Get Serious About Strategic Planning

CAPITAL MARKETS HAS ALWAYS BEEN A PRIMARILY DIGITAL INDUSTRY WITH AN APPETITE FOR INNOVATION.

Today s CFO: Changing the game plan for tomorrow

Introducing ISO 22301

Extracting business value through operational intelligence

Planning and design for smarter cities

This charter defines the purpose, authority and responsibility of News Corporation s (the Company ) Corporate Audit Department.

Leading the Global. Next Decade Doing More with Less The Lean Internal Audit Model. Larry Rieger

See your auditor clearly. Transparency report: How we perform quality audit engagements

What are the common and unique Public Service competencies?

Understanding employee engagement after a corporate acquisition A global communications company. EngagePath client spotlight

ORGANIZED FOR BUSINESS: BUILDING A CONTEMPORARY IT OPERATING MODEL

KPMG N.V. Code of Conduct. kpmg.nl

Digital HR: Driving organizations to be digital, not just do digital

Session 4C: Model Governance: What Could Possibly Go Wrong? (Part I) Moderator: Dwayne Allen Husbands, FSA, MAAA

Collaborative Idea Management: A Driver of Continuous Innovation

Deloitte s High-Impact HR Operating Model: Business HR. Deloitte Consulting LLP

BOOSTING PERFORMANCE THROUGH ORGANIZATION DESIGN

SOLUTION BRIEF RSA ARCHER REGULATORY & CORPORATE COMPLIANCE MANAGEMENT

Guidance Note: Corporate Governance - Audit Committee. March Ce document est aussi disponible en français.

Agility to Compete. Manage Costs to Fuel Growth and Make it Sustainable

It s time to revisit your anti-corruption compliance program How to design an effective and defensible compliance program in response to global trends

Taking ERM to a. 6 GRC Today / October 2015

Engaging the workforce. Getting past once-and-done measurement surveys to achieve always-on listening and meaningful response

ACCENTURE & SAP SUCCESS FACTORS INVESTIGATE CAPABILITIES WORKBOOK. Imagine where we will go together...

Giving you clarity on your change programmes

PORTLAND PUBLIC SCHOOLS HUMAN RESOURCE SERVICES AND DELIVERY

Beginning a Business Sustainability Plan

Transforming the HR function for high performance. kpmg.com

Advisory Services Governance, Risk & Compliance

On the board s agenda US Winning with digital: What boards need to know about digital transformation

DAVID ADLER & ASSOCIATES

INTEGRITY MANAGEMENT CONTINUOUS IMPROVEMENT. Foundation for an Effective Safety Culture

Office of Information Technology (OIT) Strategic Plan FY

Core Values and Concepts

Human Resources Audit. XYZ Group

Transcription:

Four Strategies for Enabling Innovation in the Face of Risk and Compliance By John A. Epperson and Clayton J. Mitchell Audit / Tax / Advisory / Risk / Performance Smart decisions. Lasting value.

Four Strategies for Enabling Innovation in the Face of Risk and Compliance In the face of rapid transformation and digital disruption, perhaps one of the greatest risks organizations face today is the failure to innovate. Organizations increasingly are being challenged to innovate new products, services, delivery channels, and pricing and business models to meet customer demands. Yet, all too often, risk and compliance are perceived throughout many organizations as roadblocks to innovation and growth. To support innovation and enable change while protecting against risk, companies must have the right attitude and approach across business culture, strategy, and organizational structure. This checklist contrasts a forward-thinking approach to risk management with the practices that many companies have historically followed. Companies still sticking to conventional ways can take steps to help move toward a more progressive or forward-thinking way. Rather than being the no function, risk management and compliance can enable success when aligned proactively with core business strategy. 2 October 2017 Crowe Horwath LLP

crowehorwath.com 3

Four Strategies for Enabling Innovation in the Face of Risk and Compliance 1. Lay the Groundwork for a Strong Risk Management Culture A strong risk management and compliance culture is one that enables and encourages communication and collaboration, where business lines, development teams and engineers, compliance departments, and back-office operations are working toward a common goal. This type of culture is defined by the actions of those at the top of the organization, as company leaders must set an expectation that risk management runs parallel to all company initiatives. Here are some traits of a business culture in which risk management functions in the conventional way, contrasted with a more forward-thinking approach that supports innovation: Conventional Forward-Thinking Risk Awareness Risk and compliance is the responsibility of the second-line function Compliance is rules-based Risk and compliance are everyone s responsibility and embedded in the natural processes of day-to-day business Compliance is valuesand principles-based Entrepreneurial Spirit Customer acquisition and deep relationships are central Process improvement is most prized Rapid advancement of products, services, markets, and customers is central Transformation, incubation, and acceleration are most prized Behavior All failures are penalized Blame is assigned to failure Positive behavior is rewarded and recognized, even when resulting in failure Inappropriate behavior and treating customers unfairly is penalized 4 October 2017 Crowe Horwath LLP

Organizations seeking to update their risk management culture to be more forward-thinking should start with the following: Focus on the why. Shifting the why of risk and compliance from a regulation statement to an underlying noble cause encourages enterprise action. This purpose might be different for every company, but imagine a culture in which the core purpose of activities is to foundationally ensure every customer is treated fairly and humanely rather than a purpose focused on keeping the organization away from fines and penalties. Instill a collaborative approach to risk assessment. Companies should consider risk holistically, rather than in silos. Risk categories such as operational, compliance, and cyber should be considered collectively in terms of their contribution to the overall risk within the business. Reward positive behavior, regardless of outcome. Innovation and new ideas should be encouraged. This means rewarding the action of innovation, even when the result is uncertain or ultimately fails. Focus on ethics and values. Particularly in an environment in which a company is taking chances on new ideas, ethics and values must be central to the business and risk management strategy and activities. Ensure values are aligned with third parties and partners. Companies are held accountable for the actions of their partners, so alignment of values with all partners and third parties is imperative to establishing a strong risk management culture. crowehorwath.com 5

Four Strategies for Enabling Innovation in the Face of Risk and Compliance 2. Where Strategy Is Concerned, Put Risk Management in the Passenger Seat Companies can begin to form a more systematic approach to risk-managed innovation by incorporating formal risk prioritization into organizational goals, strategies, and budgets. Here are some traits of a business strategy in which risk management functions in the conventional way, contrasted with a more forward-thinking approach that supports innovation: Conventional Forward-Thinking Risk Appetite and Assessment Decision-making is ad hoc Risk assessment is static Business operates within a predefined risk appetite Risk continuously is assessed using data analytics and is monitored within strategic planning and governance and processes Business Opportunity Business adapts reactively to changes as they come Risk management goes it alone or serves in a consultative role Risk and compliance are cost centers Business is mobilized for the future Risk management is characterized by strategic partnership, collaboration, alliances Risk management, with a focus on ethics and values, enable business strategy Risk and compliance identify opportunities for the business to pursue External Environment Company adapts to new risk and regulatory expectations only as needed Risk and compliance are viewed as sound foundations to good business, resulting in fair treatment of customers and society 6 October 2017 Crowe Horwath LLP

Organizations seeking to update their approach to risk-managed strategy to be more forward-thinking should start with the following: Formally and transparently document risk appetite and tolerance. To accomplish innovation, organizations have to take some risks. Board members and senior management must set risk boundaries, and clearly articulate a level of leeway employees have to test those boundaries. Focus on networking and relationships within the entire ecosystem. Leadership should consider partnerships, both within and outside of the business, and whether they are embedding risk management in their decision-making. Incorporate risk and compliance frameworks from the start. Risk management considerations should be fundamental in strategic planning, rather than being tacked on at the end. Enabling risk and compliance in strategic planning might help illustrate any risks or compliance aspects of new products and services. Position risk and compliance management as a tool for increasing competitive advantage. Being compliant with relevant rules and regulations can drive better customer outcomes and growth opportunities. Organizations should harness the power of this competitive advantage, rather than viewing compliance simply as a baseline. crowehorwath.com 7

Four Strategies for Enabling Innovation in the Face of Risk and Compliance 3. Organizational Alignment An organization set up to facilitate risk-managed innovation has clearly defined roles and accountability and is structured using three lines of defense: line of business, risk and compliance, and internal audit. Here are some traits of an organizational structure in which risk management functions in the conventional way, contrasted with a more forward-thinking approach that supports innovation: Conventional Forward-Thinking Leadership Innovation is opportunistic, rather than systemic Innovation and strategy are a dedicated focus Roles and Accountability Effective Challenge Risk and compliance operate in silos Compliance and risk training are assigned based on functional role Risk managers write policies and respond to issues Internal audit tests legacy functions Lines of defense are coordinated and transparent Risk management and compliance training are offered holistically, across the company Risk managers challenge and provide advisory support to the business Internal audit reviews and challenges risk management functions 8 October 2017 Crowe Horwath LLP

Organizations seeking to update their organizational structure to be more forward-thinking should start with the following: Form a dedicated innovation function. People in the office should have clearly identified roles and responsibilities geared toward transforming business offerings and activities and focusing on innovation and risk management. Broaden the risk and compliance training program. Having an agile and flexible training program allows organizations to quickly train team members as needed and enables collaboration through diverse personnel. Create a coordinated, three-lines-of-defense communication plan. Line of business, risk management, and internal audit must work together in a coordinated fashion in order to manage risk without duplicating efforts. A document laying out the plan can help to align all parties around goals and objectives. crowehorwath.com 9

Four Strategies for Enabling Innovation in the Face of Risk and Compliance 4. Structure the Business for Change Enablement Organizations should integrate risk management improvements into existing practices to prepare for future shifts in risks and regulations. Here are some traits of a change management system in which risk management functions in the conventional way, contrasted with a more forward-thinking approach that supports innovation: Conventional Forward-Thinking Change Management Remediation of compliance and risk issues is reactive Risk and compliance issues are identified and supported through enterprisewide processes A change management playbook that anticipates possible future issues is used Stakeholder Relations Response to market is reactive and event-based Stakeholder relations are driven by the what and how Risk and compliance are agile in managing emerging risks Stakeholder relations are driven by the core purpose of the business and risk management strategy Resource Allocation Project teams are formed ad hoc Incubation and innovation are proactive 10 October 2017 Crowe Horwath LLP

Organizations seeking to set themselves up to effectively respond to changing risks and regulations based on a more forward-thinking approach should start with the following: Establish change enablement standards. Companies should create a playbook for innovation and change that includes the activities necessary for understanding the risk associated with the change and the required operational activities and controls necessary for execution. Mobilize diverse teams. Creating a team of staffers with a diverse set of skills, experience, and backgrounds will best position the company to respond as needed to change. Plan for resilience. Having plans in place that define organizational needs relating to change initiatives will enhance agility. Create formal incubation and accelerator programs with risk and compliance representation. These programs should be designed to create a safe environment that permits failure in the quest for innovation. Strategic Integration of Risk Management is Key to Innovation Organizations are losing out on certain business opportunities due in large part to conventional ways of thinking about risk, compliance, and decision-making. Just as transformation is affecting the products and services delivered in the market, new thinking and practices are needed as organizations ready their risk and compliance functions to adapt to this emerging and fast-paced environment. By strategically integrating risk management into core operations, companies can innovate and capitalize on business opportunities abundant in the marketplace while helping to protect themselves and their customers from harm. crowehorwath.com 11

Learn More John Epperson Principal +1 630 575 4220 john.epperson@crowehorwath.com Clayton Mitchell Principal +1 317 208 2438 clayton.mitchell@crowehorwath.com crowehorwath.com In accordance with applicable professional standards, some firm services may not be available to attest clients. This material is for informational purposes only and should not be construed as financial or legal advice. Please seek guidance specific to your organization from qualified advisers in your jurisdiction. 2017 Crowe Horwath LLP, an independent member of Crowe Horwath International crowehorwath.com/disclosure FS-18600-006A

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback