18 May 2014

Transparency: "Square One" in ORM...

Operational Risk Management (ORM) has been evolving for over a decade.  There are new insights into why effective business process management coupled with Operational Risk architecture makes sense, through the lens of the Board of Directors.  Transparency.

Still to this day, the questions remain:
  • What can my organization do about the risk of loss resulting from inadequate processes, people, or systems?
  • To what extent should my organization link employee compensation or job performance with operational risk management?
  • How is operational risk taken into consideration when new products or technology solutions are designed or acquired, deployed, and executed?
  • Does my organization have an inventory of its key business processes with documented controls and designated senior managers responsible?
Can these questions be answered in a book of 308 pages from 2008?  It was a good start, to say the least.  The authors understood, that to really embed a culture of (ORM) into the enterprise you have to begin at the architecture level, the business process level.  This is far in advance of the governance of information and the business rules coded into software systems, even for such mundane corporate tasks as expense report or travel request review and sign-off.

You see, some companies still think that they are just doing fine with their Safety and Security Team, Continuity of Operations and Crisis Team, Chief Information Officer (CIO), General Counsel (GC), Chief Financial Officer (CFO) and in limited cases the Travel Risk Management department all working autonomously.  They think that having a few dedicated investigators to look into corporate malfeasance, is all they require in a corporate population of tens of thousands.

What do we mean by autonomous?  Not what you may think.  There is no doubt that the leaders of these organizational departments are cooperating and coordinating functionally.  They have each other on speed dial.  They share high level red alert intel with each other.  The question is, what is being done at the metadata level of the Operational Risk Enterprise Architecture (OREA)?  How are they designing Operational Risk Management systems to answer key questions at the speed of business?  To continuously adapt to an organization’s changing global environment, executives must know about, keep in balance, and communicate several vital components:
  • What are the organizational strategies (Strategic Intent) and how these should be implemented (Strategy Development and Organizational Change)
  • What organizational processes are executed and why, how they are integrated, and how they contribute to the strategy of the organization (Business Process Management)
  • How human resource utilization is working and whether there is optimum use of skills and resources available across processes and functions (Human Resource Management)
  • To what extent the enterprise organizational chart is cognizant of appropriate roles and responsibilities, in order to effectively and efficiently carry out all work (Organization Management)
  • What IT applications exist and how they interface with what processes and functions they support (IT Portfolio Management)
  • How the performance of each process, each function and each individual adds up to the organization’s performance (Performance Management)
  • What projects are currently underway, how they effect and impact change, what processes and IT applications they change and how this contributes to the strategy of the organization (Project & Program Management)
Is Operational Risk Management (ORM) about "Big Data Analytics"?  Only if your organization values better transparency, governance and regulatory compliance.  Ask the the Board of Directors their answer on this question to determine whether ORM is a "Big Data Analytics" issue.  How big is big?

The momentum for transparency is now at the U.S. government level of commitment.  It is the law.   As a prudent (ORM) practitioner, you already realize the cancerous outcomes from organizational fraud.  You know the root cause of the systemic disease that contributes to fraud within the enterprise. Big Data Analytics will mean nothing, without increased transparency.  Now we can ask the questions that we all want answers to:
The final language also requires everything the federal government spends at the appropriations account level to be published on USASpending.gov, with the exception of classified material and information that wouldn't be revealed in response to a Freedom of Information Request. One amendment, added earlier Thursday, gives the Department of Defense the option to request extensions on its implementation of the bill's requirements.
The Operational Risk Management (ORM) architecture of your enterprise will now begin with transparency, as the fundamental "Square One".

No comments:

Post a Comment