Sections

Three Lines Of Defense And Integrated Reporting—Getting Internal Auditors Out Of Control And Into The Business

Bruce McCuaig

The role of internal auditors is to provide assurance, right? What does “assurance” look like?

It looks like this: “In our opinion, internal control (substitute risk management, compliance, IT security) is effective…” Or words to that effect.

If there are exceptions, there will be audit findings. If the audit findings are significant, the assurance may be negative and the opinion will reflect ineffective controls (and so on).

Question: What’s the opposite of assurance? Read on.

Assurance means you think you know

Let me give you a contrary view on assurance.

I believe that assurance enables and perpetuates ignorance, blocking real knowledge about the things that executives should know about governance, risk, and compliance (GRC). It provides no guidance for managers to run the business or for stakeholders to assess the business.

Check out how many of the banks and other businesses that failed in the financial crisis were given positive opinions on internal control over financial reporting.

Years ago, I was appointed chief internal auditor. My CEO told me to be his eyes and ears.  Managing a far-flung complex enterprise before the technology innovations of today, some ignorance was excusable. Relying on more eyes and ears was understandable and to some extent essential.

But that is not the case today. Virtually all the data necessary to manage governance, risk and compliance strategically exists somewhere in the business in machine-readable form.

All the tools, capabilities, and frameworks to create, sustain and report knowledge are here today.

Assurance and exception reporting is not simply acceptable. Assurance reporting lowers a curtain on knowledge.

I believe internal auditors are now able to lead in the creation and reporting of real knowledge and they should be measured on their progress in doing so. It’s a massive shift, but the path has been charted.

It’s time for internal auditors to get out of control and into the business.

A leap forward for GRC: Integrated thinking from Exxaro

I have always believed that GRC is a manageable dimension of the business and the real challenge for GRC professionals is to provide business leaders with a lens to look through and levers to pull.

We need a framework for reporting the results of GRC and for illustrating the link between GRC and performance.

While integrated reporting may be relatively unknown in the U.S., it’s a growing global phenomenon. In my view, it provides this “lens to look through,” a framework for organizing GRC information and linking to business performance. If you don’t like the capital model as the organizing principle for reporting, use your business strategy as a framework.

To me, the three lines of defense is the engine of integrated reporting. It provides the levers to pull for management to run the business. In the three lines of defense model:

  • knowledge is created by the business,
  • aggregated by GRC experts, and
  • attested to by internal audit.

One of our customers, Exxaro Resources, has integrated the three lines of defense with integrated reporting. Exxaro is based in South Africa, where integrated reporting is mandatory.

What does knowledge look like in GRC?

The graphic below is from page 19 of the 2015 Exxaro Integrated Report.

This report is a top-level dashboard from which the business can drill down, looking at individual business processes and relevant information about risks and how they are managed.

Saret Van Loggerenberg, Exxaro’s brilliant manager of risk and compliance, summarizes their story in this short video.

Insight vs. assurance

Exxaro has identified, documented, and assessed their risks and controls, measured the net impact of the risks against the 5 capital model used by integrated reporting, linked the results to their stakeholders, and identified and reported the risk appetite levels and related key performance indicators.

This is what knowledge looks like, and it is the extreme opposite of “assurance.”

Knowledge, not an unsupported opinion, is the ultimate assurance.

Armed with this knowledge and the related key performance indicators, Exxaro management runs their business. The knowledge is created by the three lines of defense.

They don’t need assurance. They have knowledge instead. This report does for GRC what financial statements do for financial management.

Here are some questions to consider:

  1. Does this report provide the necessary information on the effectiveness of risk and control management?
  2. Does this report provide the business and stakeholders with information about how well the business is managed?
  3. Can internal auditors get out of control and into the business?

Learn more

Comments

Bruce McCuaig

About Bruce McCuaig

Bruce McCuaig is director - Product Marketing at SAP GRC solutions. He is responsible for development and execution of the product marketing strategy for SAP Risk Management, SAP Audit Management and SAP solutions for three lines of defense. Bruce has extensive experience in industry as a finance professional, as a chief risk officer, and as a chief audit executive. He has written and spoken extensively on GRC topics and has worked with clients around the world implementing GRC solutions and technology.

Data Analysts And Scientists More Important Than Ever For The Enterprise

Daniel Newman

The business world is now firmly in the age of data. Not that data wasn’t relevant before; it was just nowhere close to the speed and volume that’s available to us today. Businesses are buckling under the deluge of petabytes, exabytes, and zettabytes. Within these bytes lie valuable information on customer behavior, key business insights, and revenue generation. However, all that data is practically useless for businesses without the ability to identify the right data. Plus, if they don’t have the talent and resources to capture the right data, organize it, dissect it, draw actionable insights from it and, finally, deliver those insights in a meaningful way, their data initiatives will fail.

Rise of the CDO

Companies of all sizes can easily find themselves drowning in data generated from websites, landing pages, social streams, emails, text messages, and many other sources. Additionally, there is data in their own repositories. With so much data at their disposal, companies are under mounting pressure to utilize it to generate insights. These insights are critical because they can (and should) drive the overall business strategy and help companies make better business decisions. To leverage the power of data analytics, businesses need more “top-management muscle” specialized in the field of data science. This specialized field has lead to the creation of roles like Chief Data Officer (CDO).

In addition, with more companies undertaking digital transformations, there’s greater impetus for the C-suite to make data-driven decisions. The CDO helps make data-driven decisions and also develops a digital business strategy around those decisions. As data grows at an unstoppable rate, becoming an inseparable part of key business functions, we will see the CDO act as a bridge between other C-suite execs.

Data skills an emerging business necessity

So far, only large enterprises with bigger data mining and management needs maintain in-house solutions. These in-house teams and technologies handle the growing sets of diverse and dispersed data. Others work with third-party service providers to develop and execute their big data strategies.

As the amount of data grows, the need to mine it for insights becomes a key business requirement. For both large and small businesses, data-centric roles will experience endless upward mobility. These roles include data anlysts and scientists. There is going to be a huge opportunity for critical thinkers to turn their analytical skills into rapidly growing roles in the field of data science. In fact, data skills are now a prized qualification for titles like IT project managers and computer systems analysts.

Forbes cited the McKinsey Global Institute’s prediction that by 2018 there could be a massive shortage of data-skilled professionals. This indicates a disruption at the demand-supply level with the needs for data skills at an all-time high. With an increasing number of companies adopting big data strategies, salaries for data jobs are going through the roof. This is turning the position into a highly coveted one.

According to Harvard Professor Gary King, “There is a big data revolution. The big data revolution is that now we can do something with the data.” The big problem is that most enterprises don’t know what to do with data. Data professionals are helping businesses figure that out. So if you’re casting about for where to apply your skills and want to take advantage of one of the best career paths in the job market today, focus on data science.

I’m compensated by University of Phoenix for this blog. As always, all thoughts and opinions are my own.

For more insight on our increasingly connected future, see The $19 Trillion Question: Are You Undervaluing The Internet Of Things?

The post Data Analysts and Scientists More Important Than Ever For the Enterprise appeared first on Millennial CEO.

Comments

Daniel Newman

About Daniel Newman

Daniel Newman serves as the Co-Founder and CEO of EC3, a quickly growing hosted IT and Communication service provider. Prior to this role Daniel has held several prominent leadership roles including serving as CEO of United Visual. Parent company to United Visual Systems, United Visual Productions, and United GlobalComm; a family of companies focused on Visual Communications and Audio Visual Technologies. Daniel is also widely published and active in the Social Media Community. He is the Author of Amazon Best Selling Business Book "The Millennial CEO." Daniel also Co-Founded the Global online Community 12 Most and was recognized by the Huffington Post as one of the 100 Business and Leadership Accounts to Follow on Twitter. Newman is an Adjunct Professor of Management at North Central College. He attained his undergraduate degree in Marketing at Northern Illinois University and an Executive MBA from North Central College in Naperville, IL. Newman currently resides in Aurora, Illinois with his wife (Lisa) and his two daughters (Hailey 9, Avery 5). A Chicago native all of his life, Newman is an avid golfer, a fitness fan, and a classically trained pianist

When Good Is Good Enough: Guiding Business Users On BI Practices

Ina Felsheim

Image_part2-300x200In Part One of this blog series, I talked about changing your IT culture to better support self-service BI and data discovery. Absolutely essential. However, your work is not done!

Self-service BI and data discovery will drive the number of users using the BI solutions to rapidly expand. Yet all of these more casual users will not be well versed in BI and visualization best practices.

When your user base rapidly expands to more casual users, you need to help educate them on what is important. For example, one IT manager told me that his casual BI users were making visualizations with very difficult-to-read charts and customizing color palettes to incredible degrees.

I had a similar experience when I was a technical writer. One of our lead writers was so concerned with readability of every sentence that he was going through the 300+ page manuals (yes, they were printed then) and manually adjusting all of the line breaks and page breaks. (!) Yes, readability was incrementally improved. But now any number of changes–technical capabilities, edits, inserting larger graphics—required re-adjusting all of those manual “optimizations.” The time it took just to do the additional optimization was incredible, much less the maintenance of these optimizations! Meanwhile, the technical writing team was falling behind on new deliverables.

The same scenario applies to your new casual BI users. This new group needs guidance to help them focus on the highest value practices:

  • Customization of color and appearance of visualizations: When is this customization necessary for a management deliverable, versus indulging an OCD tendency? I too have to stop myself from obsessing about the font, line spacing, and that a certain blue is just a bit different than another shade of blue. Yes, these options do matter. But help these casual users determine when that time is well spent.
  • Proper visualizations: When is a spinning 3D pie chart necessary to grab someone’s attention? BI professionals would firmly say “NEVER!” But these casual users do not have a lot of depth on BI best practices. Give them a few simple guidelines as to when “flash” needs to subsume understanding. Consider offering a monthly one-hour Lunch and Learn that shows them how to create impactful, polished visuals. Understanding if their visualizations are going to be viewed casually on the way to a meeting, or dissected at a laptop, also helps determine how much time to spend optimizing a visualization. No, you can’t just mandate that they all read Tufte.
  • Predictive: Provide advanced analytics capabilities like forecasting and regression directly in their casual BI tools. Using these capabilities will really help them wow their audience with substance instead of flash.
  • Feature requests: Make sure you understand the motivation and business value behind some of the casual users’ requests. These casual users are less likely to understand the implications of supporting specific requests across an enterprise, so make sure you are collaborating on use cases and priorities for substantive requests.

By working with your casual BI users on the above points, you will be able to collectively understand when the absolute exact request is critical (and supports good visualization practices), and when it is an “optimization” that may impact productivity. In many cases, “good” is good enough for the fast turnaround of data discovery.

Next week, I’ll wrap this series up with hints on getting your casual users to embrace the “we” not “me” mentality.

Read Part One of this series: Changing The IT Culture For Self-Service BI Success.

Follow me on Twitter: @InaSAP

Comments

How Emotionally Aware Computing Can Bring Happiness to Your Organization

Christopher Koch


Do you feel me?

Just as once-novel voice recognition technology is now a ubiquitous part of human–machine relationships, so too could mood recognition technology (aka “affective computing”) soon pervade digital interactions.

Through the application of machine learning, Big Data inputs, image recognition, sensors, and in some cases robotics, artificially intelligent systems hunt for affective clues: widened eyes, quickened speech, and crossed arms, as well as heart rate or skin changes.




Emotions are big business

The global affective computing market is estimated to grow from just over US$9.3 billion a year in 2015 to more than $42.5 billion by 2020.

Source: “Affective Computing Market 2015 – Technology, Software, Hardware, Vertical, & Regional Forecasts to 2020 for the $42 Billion Industry” (Research and Markets, 2015)

Customer experience is the sweet spot

Forrester found that emotion was the number-one factor in determining customer loyalty in 17 out of the 18 industries it surveyed – far more important than the ease or effectiveness of customers’ interactions with a company.


Source: “You Can’t Afford to Overlook Your Customers’ Emotional Experience” (Forrester, 2015)


Humana gets an emotional clue

Source: “Artificial Intelligence Helps Humana Avoid Call Center Meltdowns” (The Wall Street Journal, October 27, 2016)

Insurer Humana uses artificial intelligence software that can detect conversational cues to guide call-center workers through difficult customer calls. The system recognizes that a steady rise in the pitch of a customer’s voice or instances of agent and customer talking over one another are causes for concern.

The system has led to hard results: Humana says it has seen an 28% improvement in customer satisfaction, a 63% improvement in agent engagement, and a 6% improvement in first-contact resolution.


Spread happiness across the organization

Source: “Happiness and Productivity” (University of Warwick, February 10, 2014)

Employers could monitor employee moods to make organizational adjustments that increase productivity, effectiveness, and satisfaction. Happy employees are around 12% more productive.




Walking on emotional eggshells

Whether customers and employees will be comfortable having their emotions logged and broadcast by companies is an open question. Customers may find some uses of affective computing creepy or, worse, predatory. Be sure to get their permission.


Other limiting factors

The availability of the data required to infer a person’s emotional state is still limited. Further, it can be difficult to capture all the physical cues that may be relevant to an interaction, such as facial expression, tone of voice, or posture.



Get a head start


Discover the data

Companies should determine what inferences about mental states they want the system to make and how accurately those inferences can be made using the inputs available.


Work with IT

Involve IT and engineering groups to figure out the challenges of integrating with existing systems for collecting, assimilating, and analyzing large volumes of emotional data.


Consider the complexity

Some emotions may be more difficult to discern or respond to. Context is also key. An emotionally aware machine would need to respond differently to frustration in a user in an educational setting than to frustration in a user in a vehicle.

 


 

download arrowTo learn more about how affective computing can help your organization, read the feature story Empathy: The Killer App for Artificial Intelligence.


Comments

Christopher Koch

About Christopher Koch

Christopher Koch is the Editorial Director of the SAP Center for Business Insight. He is an experienced publishing professional, researcher, editor, and writer in business, technology, and B2B marketing. Share your thoughts with Chris on Twitter @Ckochster.

Tags:

In An Agile Environment, Revenue Models Are Flexible Too

Todd Wasserman

In 2012, Dollar Shave Club burst on the scene with a cheeky viral video that won praise for its creativity and marketing acumen. Less heralded at the time was the startup’s pricing model, which swapped traditional retail for subscriptions.

For as low as $1 a month (for five two-bladed cartridges), consumers got a package in the mail that saved them a trip to the pharmacy or grocery store. Dollar Shave Club received the ultimate vindication for the idea in 2016 when Unilever purchased the company for $1 billion.

As that example shows, new technology creates the possibility for new pricing models that can disrupt existing industries. The same phenomenon has occurred in software, in which the cloud and Web-based interfaces have ushered in Software as a Service (SaaS), which charges users on a monthly basis, like a utility, instead of the typical purchase-and-later-upgrade model.

Pricing, in other words, is a variable that can be used to disrupt industries. Other options include usage-based pricing and freemium.

Products as services, services as products

There are basically two ways that businesses can use pricing to disrupt the status quo: Turn products into services and turn services into products. Dollar Shave Club and SaaS are two examples of turning products into services.

Others include Amazon’s Dash, a bare-bones Internet of Things device that lets consumers reorder items ranging from Campbell’s Soup to Play-Doh. Another example is Rent the Runway, which rents high-end fashion items for a weekend rather than selling the items. Trunk Club offers a twist on this by sending items picked out by a stylist to users every month. Users pay for what they want and send back the rest.

The other option is productizing a service. Restaurant franchising is based on this model. While the restaurant offers food service to consumers, for entrepreneurs the franchise offers guidance and brand equity that can be condensed into a product format. For instance, a global HR firm called Littler has productized its offerings with Littler CaseSmart-Charges, which is designed for in-house attorneys and features software, project management tools, and access to flextime attorneys.

As that example shows, technology offers opportunities to try new revenue models. Another example is APIs, which have become a large source of revenue for companies. The monetization of APIs is often viewed as a side business that encompasses a wholly different pricing model that’s often engineered to create huge user bases with volume discounts.

Not a new idea

Though technology has opened up new vistas for businesses seeking alternate pricing models, Rajkumar Venkatesan, a marketing professor at University of Virginia’s Darden School of Business, points out that this isn’t necessarily a new idea. For instance, King Gillette made his fortune in the early part of the 20th Century by realizing that a cheap shaving device would pave the way for a recurring revenue stream via replacement razor blades.

“The new variation was the Keurig,” said Venkatesan, referring to the coffee machine that relies on replaceable cartridges. “It has started becoming more prevalent in the last 10 years, but the fundamental model has been there.” For businesses, this can be an attractive model not only for the recurring revenue but also for the ability to cross-sell new goods to existing customers, Venkatesan said.

Another benefit to a subscription model is that it can also supply first-party data that companies can use to better understand and market to their customers. Some believe that Dollar Shave Club’s close relationship with its young male user base was one reason for Unilever’s purchase, for instance. In such a cut-throat market, such relationships can fetch a high price.

To learn more about how you can monetize disruption, watch this video overview of the new SAP Hybris Revenue Cloud.

Comments