The emerging role of CFOs have put them on the forefront of Governance, Risk & compliance. There are no disagreements on the subject that with ever increasing requirements of business for more transparency and the same being made available to all stakeholders for reliance and value maximisation.
The paradigm shift has put CFO of both listed and Non-listed companies in hot seat to ensure maximum governance added with additional requirements after implementation of companies Act 2013 e.g Risk Committees, IFC , Board representations e.t.c ,
Today’s globalised world is characterised by increasing interconnectedness, social networking, and fast-paced technological change, which, in addition to opportunities, also have the potential to increase vulnerabilities in the VUCA world and this create new risks with impacts on a much larger scale, and sometimes over a longer time span . Besides the risk management by risk identification and having mitigation strategies in place also makes the job of CFO challenging and demanding.
The world’s corporations are keeping a keen eye on how large corporations are managing and responding to risk failures so they can avoid the same mistakes. They’re learning that companies tend to underestimate the cost of risk failures internally, as well as externally. In many cases, corporations are also underestimating the cost of time that managers need to address damage control.
“Risk culture” can be defined as the norms and traditions of behaviour of individuals and groups within an organization that determine the way in which they identify, understand, discuss, and act on the risk the organization confronts and the risks it takes.” Institute of International Finance, implementing robust risk appetite frameworks to strengthen financial institutions, 2011.
Analysts disagree on how these aspects of GRC are defined as market categories. Gartner has stated that the broad GRC market includes the following areas:
- Finance and audit GRC
- IT GRC management
- Enterprise risk management.
Lot is being done by companies in house to standardise the processes and have frequent internal audits to ensure due compliances as per Companies Act, Tax laws both Direct / Indirect & Labour laws compliances. However due to complexity involved & timely reporting requirements and ever- increasing burden on the internal compliance teams, the advent of GRC compliance tools have made significant presence in market. These tools are developed and managed by professional firms
having requisite expertise in domain area.
By implementing such a GRC platform, organizations can experience:
- Improved visibility. IT helps organizations integrate and manage data, enabling a central view of risk and compliance.
- Reduced complexity. Automation handles administrative and technology complexity, so risk and compliance professionals can focus on analysis and management.
- Promotion of collaboration and sustainability. Individuals throughout an organization can see how information is being collected, stored, and disseminated, which promotes collaboration to improve efficiency and speed.
- Reduced costs. The solution can eliminate duplicative activities and drive down time spent on routine administration, data gathering, classification, and reporting.
- Improved response time. The solution can enable efficient risk response activity.
Having faced the same challenges in past few years we in BEUMER India went ahead with outsourced compliance management tool managed with company having professional expertise to manage the IT backbone & varied compliance requirements.
The tool being used by us ensures the compliance reporting by following depts. at Monthly or QTLY reporting as required.
a) FA : Direct / Indirect Tax filings
b) Secretarial filings
c) FEMA Filings
d) HR compliances.
All depts report their compliances in the tool and the Tool gives CFO or Management a dashboard of compliances with HIGH/Medium/Low risk compliances and based on the findings management can take suitable corrective actions.
In addition to this BEUMER with its help of IT team developed an inhouse ERM tool, which gives management an overview of different category risks at enterprise level e.g Strategic, Market, Financial & Operations Risks.
The Risks within these categories are further sub classified in specific areas to have proper Risk identification & right mitigation measures in place by identified risk owners.
The dashboard again gives a good overview to management of the value wise & percentage wise risks with High/Medium & Low complexities and areas where management focus/attention is required.
Having seen the working of these tools effectively for some time has given us confidence to further explore the areas where with technology or digitalisation we can work further to improve our business efficiency and bring value add to business and all stakeholders.