Sections

Three Lines of Defense: A Window For GRC In The Digital Boardroom

Bruce McCuaig

My colleagues and I have been blogging frequently about the three lines of defense. Surveys show that most of our customers around the world have implemented (or are planning to do so) the three lines of defense framework. 

What is not fully appreciated by most is that the three lines of defense is not an end result in and of itself. Implementing the framework is merely the stepping stone to a seat for governance, risk, and compliance (GRC) in the digital boardroom.

  • The three lines of defense has no purpose other than to build reliable information
  • GRC has no purpose but to provide a lens to manage the business

But two problems persist.

Problem #1: The three lines of defense don’t talk to each other

GRC professionals’ unspoken goal is to make GRC a manageable dimension of the business. Today, GRC professionals produce numerous varieties of exception reports, but all are in silos:

  • Heat maps illustrate risk but not the impact of risks on business performance
  • Reports on control effectiveness are silent on the risks they relate to
  • Audits are planned based on risks that are irrelevant to the business
  • None of the three pillars of the three lines of defense talk to each other, nor is there any attempt to reconcile their views or to ensure coverage is complete and accurate

The first step in making GRC a manageable dimension of the business is to create a reliable database of reliable information. That’s the job of the three lines of defense framework.

Problem #2: GRC data isn’t aggregated for reporting to management and the board

Management and boards deal in business strategy and performance. Traditional approaches to GRC don’t link to business objectives or the risks and controls that impact performance.

The second step in making GRC a manageable dimension of the business is to use technology to aggregate and integrate the data and provide a basis for managing GRC strategically.

Two proofs of concept

In the last few weeks, my colleagues in solution management, solution experience, and products have achieved breakthroughs. They have developed proofs of concept for reporting among the three lines of defense in our demo environment.

Our three lines of defense reports allow each line to review its contributions for quality and completeness and hand off their data for review, assurance, and reporting using standard reporting tools.

GRC in the digital boardroom

My colleagues have also demonstrated how the data created by the three lines of defense can be extracted and viewed. These two developments are true breakthroughs. But this blog is not the best medium to explain and illustrate the power of these proofs of concept. You need to see them in person.

They will be demonstrated at SAPinsider GRC2017 in Las Vegas, March 21-24. If you aren’t already planning to attend, these presentations by my colleagues are sufficient reason to register. I hope to see you there.

Learn more at GRC2017 in Las Vegas. Register here for SAPinsider GRC2017.

This article originally appeared on SAP BusinessObjects Analytics. It is republished by permission.

Comments

Bruce McCuaig

About Bruce McCuaig

Bruce McCuaig is director Product Marketing at SAP GRC solutions. He is responsible for development and execution of the product marketing strategy for SAP Risk Management, SAP Audit Management and SAP solutions for three lines of defense. Bruce has extensive experience in industry as a finance professional, as a chief risk officer, and as a chief audit executive. He has written and spoken extensively on GRC topics and has worked with clients around the world implementing GRC solutions and technology.

China Leads On Mobile Wallets — Will Others Follow?

Tom Groenfeldt

Mobile wallets have taken off faster in China than in the U.S., concluded a recent Forrester Research study. It found that 76% of metro Chinese consumers use mobile wallets or are interested in doing so, compared with only 36% of the urban online U.S. population.

The past influences the future, and as a fast-developing country, China has not had the payments infrastructure and regulatory legacy that developed in the U.S., said Brendan Miller, a principal analyst at Forrester.

“Incumbency is a factor. We have the highest penetration and usage of credit cards in the world, plus high debit card usage. As you go into other countries you will find they have alternative or local payment options, so consumers are used to using these methods like direct debit from a checking account and they avoid a lot of the credit card and interchange fees we have.”

Asia has smart cities and well-developed networks that are simpler than those in the U.S., where multiple levels of government make integration of payments and services more complicated.

Asia’s mobile wallet providers have the potential to gain the understanding of customers that department stores used to enjoy before the big brands replaced many store cards. “Nordstrom,  Kohl’s, Macy’s, Sears — all those retailers had their own private label credit cards for years and years,” Miller noted. “They provided a way of getting a better understanding of what consumers were buying, and a way to avoid credit card and debit interchange fees.”

The rise of Alipay and WeChat in China has been driven by the value the services provide for consumers. “First they made it super convenient for consumers to buy, and then they layered on additional services that consumers found engaging, such as gamification and the idea of sending gifts on the Chinese New Year — red envelopes — that got people engaged with the system.”

In the U.S., payments systems have made it convenient, but that’s the lowest rung on the ladder, Miller added. “Mobile wallet providers will have to up their game.”

Mobile payments with NFC have the potential to be faster than EMV, which Forrester expected would drive mobile payments. Miller said that when he presented to a group of retailers last year, they told him that hasn’t been the case. “Retailers haven’t updated their terminal logic. So when you pay with NFC you should be able to tap and have transaction process immediately. Instead, I get prompted for my debit PIN or a signature because the POS is using the old terminal logic and not running NFC.”

If a buyer provides a thumb scan in Apply Pay, no additional identification should be needed. “But it is going to take a while for retailers to reprogram those terminals to improve the flow at checkout.”

Retailers have been preoccupied with getting EMV to work right that they haven’t focused on the user experience with NFC, he added. “Right now NFC is not that much more convenient, and meanwhile EMV is getting faster. Visa and Microsoft have done a lot to speed those up.”

The Forrester study predicted mainstream mobile wallets in the U.S. will add customer engagement features. The Chinese may provide some examples.

Miller said that Alipay has made some announcements of partnerships with American payment processors, primarily with a focus on targeting Chinese consumers within the U.S., such as pushing adoption in place where Chinese consumers visit. The Chinese payment companies may have the potential to reach beyond the Chinese markets, he said, but the attitudes of U.S. consumers will be different from the Chinese. “This is all harder that anyone thinks is it. Everyone is disappointed by Apple Pay or Android Pay adoption. This is going to take time; payments is hard to do.”

Consumers won’t bother with mobile wallets until they see some extra value beyond what cards or cash can offer, like the ability to order ahead at Starbucks or Dunkin Donuts, or get recommendations or coupons while shopping. Alipay and WeChat have evolved into lifestyle platforms for Chinese consumers. Miller predicts space will open in the U.S. for third-party providers like Apple, Facebook, and Google that could merge their other customer engagement tools with a mobile wallet.

For more on this topic, see Survey: Mobile Payments Can Boost Growth And Profitability.

Twitter @tomgroenfeldt

Image: AP

Comments

Oxford Economics Research: Leading CFOs Have Become Real-Time Guides For The Entire Company

Neil Krefsky

The interim results from the latest Oxford Economics global survey of CFOs and finance executives are just in. With over 750 already interviewed – and another 750 to be interviewed in the coming weeks – one thing is crystal clear: Top CFOs are leading in the boardroom. They have become real-time guides that drive business strategy across the enterprise. But there is a big difference between leaders and laggards: The top CFOs use pioneering technology and Big Data to collaborate effectively with every function in the business and deliver the operational and strategic insights they need to be successful.

Finance has arrived

At nearly all the companies around the world responding to the survey, finance executives are involved in strategic decision-making outside finance, and over three-quarters of respondents agree that the finance function’s influence and activity is growing. The change, which has been talked about for so many years, has definitely happened and is widely accepted as a mainstream responsibility of the finance team.

Leading CFOs today are influencing major business decisions. The majority report that they have final decision-making authority or a high degree of influence over activities such as changes in the business model, entering new markets, new business partnerships, and technology investments.

And, as you would expect, optimizing risk and compliance management and optimizing working capital are closely tied as the top business goals for CFOs around the world. But, perhaps unexpectedly, driving strategic growth initiatives comes in second. Finance has truly moved from being an historic advisor to being a real-time guide.

Collaboration and data management

However, it isn’t all clear sailing. It’s clear that there is a big gap between those CFOs who are excelling at guiding their companies’ future strategy and those that are lagging behind. And the areas where this is most noticeable are collaboration and data management.

While finance departments have high levels of collaboration with risk management, compliance, internal audit, and operations, their collaborations with sales, HR, supply chain, sales, design/R&D, manufacturing, and customer services are considerably lower. However, where collaboration is occurring, two-thirds or more of respondents say it is effective.

At the same time, nearly all respondents cite increasing amounts of data as adding more complexity to the finance function, which is more than the number who point to regulatory compliance or new skill requirements.

Interestingly, those who can address the complexity of data management seem to excel at breaking down the traditional barriers and collaborating with other functions in the company.

Technology is really the only way of overcoming the challenge of data complexity and turning it into an enabling strength. This is borne out in the survey, with more than a third mentioning outdated technology as their biggest obstacle to achieving their business goals, and another third blaming lack of skills. A quarter cited manual processes.

By contrast, nearly all respondents rated Big Data, real-time analytics, and predictive analytics as being important for the finance function’s successful performance in two years’ time. In addition, training and technology were the top two activities respondents see as promoting collaboration between the finance function and other business units. And more than half are intent on providing better business analytics.

Discover what it takes to be a leader

The final research will be available in the next few weeks. By registering below for your complimentary copy, you can discover what leading finance executives have done to separate themselves from the rest of the pack and how you can become one of them.

  • Learn why improving collaboration with other functions is a priority
  • Understand where CFOs see the most room for improvement and what actions leading CFOs take
  • Learn why tech woes frustrate finance as much as regulations and budgets
  • Find out why technology is enabling finance to have a more strategic focus
  • Discover why additional data is adding more complexity to finance

Register now to get your complimentary copy and become one of the first to read the results of the full Oxford Economics survey.

Please join me and my colleague Judy Cubiss at SAPPHIRE NOW on May 17 at 3 p.m., for an interactive session, Take the Right Steps to Create a High-Performing Finance Organization. 

Follow SAP Finance online: @SAPFinance (Twitter)  | LinkedIn | FacebookYouTube

Comments

Neil Krefsky

About Neil Krefsky

Neil Krefsky is a Senior Director of Product Marketing at SAP Finance LoB Solutions. He is responsible for the development and execution of the product marketing strategy for SAP's solutions for the Finance Line of Business including: SAP S/4HANA Finance, Financial Planning and Analysis, Accounting and Financial Close, Treasury and Financial Risk Management, Collaborative Finance Operations, Enterprise Risk and Compliance.

The Future of Cybersecurity: Trust as Competitive Advantage

Justin Somaini and Dan Wellers

 

The cost of data breaches will reach US$2.1 trillion globally by 2019—nearly four times the cost in 2015.

Cyberattacks could cost up to $90 trillion in net global economic benefits by 2030 if cybersecurity doesn’t keep pace with growing threat levels.

Cyber insurance premiums could increase tenfold to $20 billion annually by 2025.

Cyberattacks are one of the top 10 global risks of highest concern for the next decade.


Companies are collaborating with a wider network of partners, embracing distributed systems, and meeting new demands for 24/7 operations.

But the bad guys are sharing intelligence, harnessing emerging technologies, and working round the clock as well—and companies are giving them plenty of weaknesses to exploit.

  • 33% of companies today are prepared to prevent a worst-case attack.
  • 25% treat cyber risk as a significant corporate risk.
  • 80% fail to assess their customers and suppliers for cyber risk.

The ROI of Zero Trust

Perimeter security will not be enough. As interconnectivity increases so will the adoption of zero-trust networks, which place controls around data assets and increases visibility into how they are used across the digital ecosystem.


A Layered Approach

Companies that embrace trust as a competitive advantage will build robust security on three core tenets:

  • Prevention: Evolving defensive strategies from security policies and educational approaches to access controls
  • Detection: Deploying effective systems for the timely detection and notification of intrusions
  • Reaction: Implementing incident response plans similar to those for other disaster recovery scenarios

They’ll build security into their digital ecosystems at three levels:

  1. Secure products. Security in all applications to protect data and transactions
  2. Secure operations. Hardened systems, patch management, security monitoring, end-to-end incident handling, and a comprehensive cloud-operations security framework
  3. Secure companies. A security-aware workforce, end-to-end physical security, and a thorough business continuity framework

Against Digital Armageddon

Experts warn that the worst-case scenario is a state of perpetual cybercrime and cyber warfare, vulnerable critical infrastructure, and trillions of dollars in losses. A collaborative approach will be critical to combatting this persistent global threat with implications not just for corporate and personal data but also strategy, supply chains, products, and physical operations.


Download the executive brief The Future of Cybersecurity: Trust as Competitive Advantage.


Comments

Tags:

How Digital Transformation Is Rewriting Business Models

Ginger Shimp

Everybody knows someone who has a stack of 3½-inch floppies in a desk drawer “just in case we may need them someday.” While that might be amusing, the truth is that relatively few people are confident that they’re making satisfactory progress on their digital journey. The boundaries between the digital and physical worlds continue to blur — with profound implications for the way we do business. Virtually every industry and every enterprise feels the effects of this ongoing digital transformation, whether from its own initiative or due to pressure from competitors.

What is digital transformation? It’s the wholesale reimagining and reinvention of how businesses operate, enabled by today’s advanced technology. Businesses have always changed with the times, but the confluence of technologies such as mobile, cloud, social, and Big Data analytics has accelerated the pace at which today’s businesses are evolving — and the degree to which they transform the way they innovate, operate, and serve customers.

The process of digital transformation began decades ago. Think back to how word processing fundamentally changed the way we write, or how email transformed the way we communicate. However, the scale of transformation currently underway is drastically more significant, with dramatically higher stakes. For some businesses, digital transformation is a disruptive force that leaves them playing catch-up. For others, it opens to door to unparalleled opportunities.

Upending traditional business models

To understand how the businesses that embrace digital transformation can ultimately benefit, it helps to look at the changes in business models currently in process.

Some of the more prominent examples include:

  • A focus on outcome-based models — Open the door to business value to customers as determined by the outcome or impact on the customer’s business.
  • Expansion into new industries and markets — Extend the business’ reach virtually anywhere — beyond strictly defined customer demographics, physical locations, and traditional market segments.
  • Pervasive digitization of products and services — Accelerate the way products and services are conceived, designed, and delivered with no barriers between customers and the businesses that serve them.
  • Ecosystem competition — Create a more compelling value proposition in new markets through connections with other companies to enhance the value available to the customer.
  • Access a shared economy — Realize more value from underutilized sources by extending access to other business entities and customers — with the ability to access the resources of others.
  • Realize value from digital platforms — Monetize the inherent, previously untapped value of customer relationships to improve customer experiences, collaborate more effectively with partners, and drive ongoing innovation in products and services,

In other words, the time-tested assumptions about how to identify customers, develop and market products and services, and manage organizations may no longer apply. Every aspect of business operations — from forecasting demand to sourcing materials to recruiting and training staff to balancing the books — is subject to this wave of reinvention.

The question is not if, but when

These new models aren’t predictions of what could happen. They’re already realities for innovative, fast-moving companies across the globe. In this environment, playing the role of late adopter can put a business at a serious disadvantage. Ready or not, digital transformation is coming — and it’s coming fast.

Is your company ready for this sea of change in business models? At SAP, we’ve helped thousands of organizations embrace digital transformation — and turn the threat of disruption into new opportunities for innovation and growth. We’d relish the opportunity to do the same for you. Our Digital Readiness Assessment can help you see where you are in the journey and map out the next steps you’ll need to take.

Up next I’ll discuss the impact of digital transformation on processes and work. Until then, you can read more on how digital transformation is impacting your industry.

Comments

Ginger Shimp

About Ginger Shimp

With more than 20 years’ experience in marketing, Ginger Shimp has been with SAP since 2004. She has won numerous awards and honors at SAP, including being designated “Top Talent” for two consecutive years. Not only is she a Professional Certified Marketer with the American Marketing Association, but she's also earned her Connoisseur's Certificate in California Reds from the Chicago Wine School. She holds a bachelor's degree in journalism from the University of San Francisco, and an MBA in marketing and managerial economics from the Kellogg Graduate School of Management at Northwestern University. Personally, Ginger is the proud mother of a precocious son and happy wife of one of YouTube's 10 EDU Gurus, Ed Shimp.