Of late, social media has been storming with controversy regarding executive malfeasance. Here in Australia, Commonwealth Bank CEO Ian Narev stepped down after apologising on prime time television for irregularities in processing insurance claims of dying and seriously ill clients. An ongoing Royal Commission on the conduct of banks and financial advisors has led to the resignation of AMP CEO Craig Meller and Chairwoman Catherine Brenner on allegations of charging fees for non-existent services. CPA Australia’s board removed Alex Murray due to accusations of workplace bullying and misuse of funds for self-promotion. Bill Morrow of NBN has announced plans to step down at the end of the year due to operational issues and rising customer complaints.
The overarching theme in the resignation, removal or early retirement of senior executives is a deficient Governance, Risk and Compliance (GRC) regime. Executives are so focused on profitability that some areas of governance are overlooked, which starts to erode the social contract that businesses have with the community: care (do no harm), environmental preservation, and compliance with regulations. Backlash from the community can be unpleasant and swift. For executives and managers it can be a major career setback.
REORIENTATION ON GRC
The definition by the Open Compliance and Ethics Group (OCEG) is relevant since it links the whole concept of GRC to ‘principled performance’ and not just following the rules, which we know have grey areas, especially with innovative products, services and new business models. OCEG defines GRC as ‘the integrated collection of capabilities that enable an organisation to reliably achieve objectives, address uncertainty and act with integrity’. They further refer to GRC as ‘the people, process, technology and information that help an organisation achieve principled performance’.
Failures of governance, risk and compliance come at a high price for businesses, not just in financial terms but also in erosion of reputation and perceived value to the community. So what makes GRC challenging?
- Stakeholders demand high performance along with high levels of transparency.
- Fast moving & uncertain technology trends affect what your customers need and want.
- Regulations and enforcement are ever changing and unpredictable.
- Third-party relationships & risks are growing exponentially.
- Costs of addressing risks & requirements are spinning out of control.
- Harsh (& terrifying) consequences when threats and opportunities are not identified & addressed.
URGENCY FOR RELIABLE, COMPLIANT INFORMATION
Organisations address GRC with varying levels of maturity. At the most senior level, inclusion of independent company directors on the board and segregation of non-executive and executive functions are crucial to engendering stakeholder confidence that the Chief Executive Officer is being held to account. The quality and scope of the internal and external audit functions help monitor and control compliance with regulations, policies and procedures. However, it is at the operational level that risk management needs urgent focus.
Every critical business decision needs to be taken in the context of reliable information, in the best interests of the organisation, and its multiple stakeholders who include not just shareholders, but employees, partners, the community, the regulators, and the environment.
This is an onerous responsibility for executives – to both make the right decisions and demonstrate the basis for those decisions. Those decisions need to explicitly demonstrate probity in relation to:
- Lack of bias (toward age, gender, ethnicity, sexuality, or family ties)
- Lack of personal benefit
- Consistency with regard to corporate strategy, plans and budget
- Conformance to chart of authority approval limits
Key business decisions relate to the people you hire, the products that you introduce to the market and the partners with whom you engage. However, the decisions with the longest time lag of responsibility are the most critical. The impact of these decisions will only be felt many years after the fact, and often at catastrophic cost. Capital asset expenditure is a prime example.
TAKING ADVANTAGE OF RECENT CAPEX TECHNOLOGY INNOVATIONS
As a digital technology consulting company, we consider how we can support the GRC initiatives of our clients, especially in the area of capital (capex) asset management, where issues of accountability and stewardship are fundamental. Capital assets comprise the biggest investment companies usually have to make. This is particularly true for those in capital-intensive industries such as manufacturing, mining, oil & gas, waste management and transportation, where business operations depend heavily on machinery and equipment.
Traditional fixed asset risks include over-paying for new equipment, under-utilising new acquisitions, unrecorded asset disposals, environmental issues, and obsolescence or impairment of assets. Incorrect recording and valuation of assets is a major stakeholder concern that is often hidden by complex ownership structures designed to keep assets off the books, and by incorrect valuation of assets acquired as part of a group purchase. Non-traditional fixed asset risks are unrecorded transfers between business units, and non-compliance with regulatory bodies in relation to registration and insurance. These risks are often poorly managed in traditional accounting systems that only include the quantifiable financial implications. The valuable analysis, conversation and approvals behind write-offs or disposals are lost and discarded. This removes transparency and traceability from a huge part of the asset management process.
These are the areas in capital asset management where advantages in recent innovations can help companies become more adherent to GRC standards:
1. User interface designs should not only focus on usability but also on business rules and validations – users are only shown, or allowed to action, items or tasks that are relevant to them and that they are authorised to perform.
- Requests for asset acquisitions should only be drawn from approved budgets for the same purpose and asset category and should not exceed the budget.
- Ensure justification and business case for asset acquisitions are enforced on the requests before submission.
- Supporting documents according to the type of asset to be acquired should be attached before submission.
2. Workflows should have more approval transparency:
- Approval logs are easily analysed.
- Pre-defined approvers are automatically determined.
- After approval, follow-on tasks are assigned to participants to ensure completion of related activities (such as insurance maintenance).
- History of ownership and transfer approvals is captured and stored for greater accountability.
- Delegations are monitored and reviewed for appropriateness.
3. Mobility features to ensure visibility and timely action of assigned tasks for executive approvers who are always on the go.
- Ability for online and offline approval to reduce dependence on internet connectivity.
- In case of absence, tasks are delegated according to the pre-defined business continuity rules and contingency plans.
4. Post-evaluation mechanisms to ensure that the business case for asset purchases is realised. Where it is not realised, the reason is captured and documented for future reference.
DIGITAL PROCESS MANAGEMENT
Operational managers that control and monitor transactions are the first line of defence to ensure effective GRC practices over asset management activities. They also are responsible for implementing corrective actions to address process and control deficiencies. In today’s day and age, operational managers can leverage technological tools to support and make their activities more reliable in achieving their business objectives.
Digital process management is the layer of collaboration and approval that supports executives in making confident, effective, low risk and compliant business decisions. The most effective such systems are highly integrated with an organisation’s Enterprise Resource Planning systems to ensure that business rules are applied consistently, and that outcomes are optimised within personnel, schedule and financial constraints.
Implementation of a transparent workflow-enabled system for all critical business decisions including procurement, sales, asset lifecycle management and human resources is an important foundation for an integrated Governance Risk and Compliance framework that will allow executives to discharge their responsibilities with confidence.
Written by: John Datuin
John Datuin is a Senior Consultant – Business Analyst in the area of Finance and Capital Expenditure Management.