GRC
HR
SCM
CRM
BI


Blog

 

4 tips for a successful implementation of Process Control

by The Tip Doctor

December 9, 2011

Tip Doctor, Insider Learning Network.

The following tip has been taken from Jamie Croudace at Turnkey Consulting’s presentation “Tips and Tricks for a successful Process Control Implementation” which took place during the GRC 2011 conference in Las Vegas, March 8-11.

4 tips for a successful implementation of Process Control

1. Don’t Try and Conquer the World All at Once

  • Many companies fail as they try to “do it all” and wind up not doing any part right
    • Business buy-in is hard to get — business does not see the value; won’t take time to help
    • Internal compliance specialists don’t have time to find the value adds — can only concentrate on the mandated compliance requirements
    • Internal compliance specialists viewed as auditors here to hinder, not to help

2. Start with One or Two Processes

  • Pick a process that is:
    • Very key to the business (maybe very risky or inefficient?)
    • Known to have a great deal of business input — stakeholder with the right attitude towards controls 
    • Good IT integration with the business; good communication already established
  • Will enable management buy-in as you will have a successful process to demonstrate added value and proven results
  • This method supports rapid prototyping or a modular project- based approach on a process-by-process approach

3. Know Your Direction

  • Many companies fail as they get lost in the detail
    • The more controls the better, right?
    • If you start with no idea of what you are trying to accomplish,  you won’t be able to establish any innovative ideas
    • Historic processes remain unchanged and unchallenged
  • Know your risks before you start
  • Understand from a high level what your key areas of concern within the process are:
    • What are the compliance risks? 
      • What are you complying with (specifically)?
      • What are the minimum requirements?
  • Understand from a high level what your key areas of concern within the process are (cont.):
    • What are your operational risks? 
      • Is the process inefficient?  
      • Do clients complain? Do you get poor client feedback?
      • Are you losing money on late payments? 
      • Are your employees raising issues with the process internally?
    • Do you have other legal risks associated with the process?  (e.g., payroll process and data privacy, health and safety)
    • Are there other risks specific to your business?
  • You may not know all the risks in the beginning
    • You can do research before starting (e.g., client and internal questionnaires, looking into statistics on process-related data, etc.)
    • You can always add more risks as you go!
    • Prioritize the risks in order of importance to the organization

4. Take Stock of What You Have

  • Next step is to walk through the current processes
  • Gain an understanding of:
    • Current controls in place and nature of the controls (preventive,  detective, manual, or automated)
    • Effort vs. effectiveness of those controls
    • Control operator understanding of the controls and concerns with the process (may find more risks)
    • Control owner understanding of the controls and concerns with the process (may find more risks)
    • How centralized and standardized are the processes within the business unit? What about globally?

An email has been sent to:






More from SAPinsider



COMMENTS

Please log in to post a comment.

No comments have been submitted on this article. Be the first to comment!


SAPinsider
FAQ