The regulatory environment is a rapidly shifting landscape for CFOs. The pressure to meet changing compliance requirements can frustrate even the most level-headed executives. I can’t tell you how often I’ve heard CFOs complain that compliance is a financial and resource drain on the business. And I understand their viewpoint.
But here’s a surprising truth: A comprehensive compliance and risk framework can actually create strategic advantage. With proper planning and precise execution, a well-designed compliance initiative can become a competitive secret weapon.
Changing your perception of compliance might require a mental shift. Right now, compliance may seem like a necessary evil – a chore with punishments for tardiness or deviation. If that’s your thinking, I urge you to view compliance as a lever, one that will help you operate your business better by providing visibility into operations and enterprise risk, while reducing waste. It can also help you take advantage of new market opportunities, especially when competing against other companies that haven’t made compliance a priority.
Going beyond perfunctory compliance practices
In the heavily regulated pharmaceuticals industry, for example, GlaxoSmithKline (GSK) Vaccines found that simply complying with global industry, financial, and data protection mandates was not enough.
“Preventing compliance issues entails the use of a proper internal control system that guarantees our significant risks are effectively mitigated,” explains Christophe Louis, IT project manager for GSK Vaccines. “Our vision was to implement an integrated framework empowering users to identify, assess, and treat risks, but also to ensure the effectiveness of controls and, when appropriate, automate their monitoring.”
By instituting a strong internal control framework, the company ensures compliance with regulations and also mitigates significant risks – protecting patient safety, employees, the environment, shareholder investment, and company assets and reputation. With control monitors and an audit framework to guarantee product quality, the framework also makes it easier for GSK Vaccines to prove compliance to regulators.
Improving enterprise performance and transparency
Most organizations begin their compliance efforts by simply trying to “check the boxes.” Programs are designed to meet the statutory requirements or keep executives out of jail, and little more.
As companies gain expertise, however, they often expand their compliance programs to focus on avoiding minor or even critical enterprise risk. By using tools and processes to automate compliance efforts, these programs can increase efficiency, reduce related expenses, and accelerate cost savings, especially for internal and external audits. That’s great for the bottom line.
But even more important is the impact of these more mature compliance initiatives on the business. Automation can help improve overall performance, reduce cycle times, and increase enterprise visibility. A holistic view of the business also allows executives to make decisions that limit the likelihood of enterprise risk, including fraud.
Think about how many companies struggle with false, inflated, or duplicate invoices for goods and services. Many incidents are discovered after the fact or never at all.
Even when fraudulently dispersed monies are identified, they are not always recouped from the bank. In fact, the Association of Certified Fraud Examiners estimates that the average company loses 5% of its annual revenue through fraud. A comprehensive compliance program that includes real-time monitoring of fraud and fraud prevention can add both top-and bottom-line benefit.
Mitigating catastrophic risk
The most advanced level of compliance focuses on avoiding catastrophic risk. CFOs who recognize the very real dangers of these threats pose are often the first to take responsibility for enhanced compliance. They must then develop a holistic strategy that not only identifies risk early but addresses how the company will handle any problems that are discovered.
This advanced level typically includes an enterprise-wide framework for compliance, with the associated people, processes, and technology needed to support the program. Are there costs involved? Of course. But companies that embrace this approach can significantly improve their ability to detect and prevent catastrophic losses, such as the hacking of financial information, breaches of finance systems, or violations of anti-corruption mandates.
Real-world examples of measurable benefits
Leading CFOs tell me that these projects typically pay for themselves while helping increase controls, reduce waste, and improve operations. In Africa, for example, Exxaro Resources Limited mines for coal, chemicals, ferrous metals, and energy resources. One major operational risk is the availability of water, which is needed for coal cutting, dust suppression, and pipeline transportation. To build a risk threshold around water intensity and manage its conservation, Exxaro restructured its processes to achieve best-in-class governance, risk, and compliance (GRC). Using SAP technology, the company created a standardized process to ensure that GRC activities are carried out in all business units and are integrated into the company’s sustainability framework.
I’m impressed with the resulting business benefits. The company realized a 90% improvement in risk visibility, a 20% savings in costs through effective risk management and better resource allocation, and a 10% reduction in auditing costs. Exarro also anticipates saving US$800,000 in the first year after deploying the new solution.
This example proves that compliance is definitely more than a check-the-box exercise. When executed as well as these companies have, your compliance initiative can add real value to your business. Is it time for you to take compliance to the next level?
A great resource for CFOs is available now at the SAP finance content hub, specifically on the topic of Enterprise Risk and Compliance Management.
To learn more about how finance executives can take a more strategic approach to governance, risk, and compliance (GRC), read the Forrester report: Adopt Three Lines of Defense Technology To Manage Governance, Risk and Compliance. Also, check out the GRC Value Calculator.