Friday, November 4, 2011

Leveraging Information to Align Risk and Performance - CM, per KPMG

Jim Littley from KPMG is talking about Continuous Monitoring (CM) / Governance, Risk & Compliance (GRC) / Business Intelligence (BI) etc., and all of the alphabet soup of technology tools that can be used to improve controls and risk monitoring. He observes that most large organizations have multiple initiatives related to acquiring and implementing tools and technologies for point solutions that assist in this area, but these are siloed and rarely linked together. He sees Internal Audit as a potential value-creator in this area.

Good points. We see Procurement teams with supply chain analytics, Finance with BI and macro-level analytics, Internal Audit with audit data analytics, and ERM or Risk with survey tools for subjective risk assessment, sometimes all in the same firm. Ideally, macro-level analytics tools like BI should work together with the exception analytic tools in the CM world to provide a single, integrated review of risk.

Jim suggests we think of Continuous Monitoring as the first line of defense, and Continuous Auditing as the second or third line of defense. Using common data sources (i.e. a single source of truth) can lower the cost of acquiring data for each initiative, and improve overall quality.

Slides aren't posted (yet?), but I'll update this post with a link if they are made available.
