Modern CFO in control with integrated software CPM-GRC
-
Upload
mario-halfhide -
Category
Documents
-
view
352 -
download
1
Transcript of Modern CFO in control with integrated software CPM-GRC
![Page 1: Modern CFO in control with integrated software CPM-GRC](https://reader036.fdocuments.in/reader036/viewer/2022081809/559aed211a28ab9e218b45e8/html5/thumbnails/1.jpg)
The modern CFO in control
The software integration of CPM and GRC March 2012
1. Introduction
The increasing pressure from legislation and regulations on the reporting process of organizations
increases the need for unified software platforms, which integrate Corporate Performance
Measurement (CPM) and Governance, Risk and Compliance (GRC) into a single software
environment. Studies by Gartner and Forrester indicate that CFO’s seek the integration of CPM and
GRC. A modern CFO is not looking at separate best of breed CPM or GRC packages, but tends to find
ways to integrate both aspects. A development that is identified by consulting organization
SeederDeBoer.
SeederDeBoer has investigated both the overall market condition and capabilities of unified
platforms. For the purpose of the study packages from SAP, Oracle, Infor, Tagetik, VisionWaves,
Longview, Pulinco Engineering and ControlPanelGRC with integrated functionality for CPM and GRC,
are investigated. All packages are available on the Dutch market. The research has shown that these
packages already can be used for the creation of integrated reports, which combine CPM and GRC.
The main question is: Is your organization ready for the integration of CPM and GRC? The purpose of
this article is to inform you, as a modern CFO, about the possibilities of unified platforms. The article
begins with the definition and trends of integrated reports and software tools that support this.
Subsequently, the advantages of the usage of Unified platforms are specified with the help of a
business case.
2. Definitions and trends
2.1. Corporate Performance Management en Governance, Risk and Compliance
Corporate Performance Management (CPM) and Governance, Risk & Compliance (GRC) are concepts
that gain much attention of large, often international operating, organizations. The combination and
integration of CPM and GRC ensures that organizations are able to apply Risk Based Performance
Management, whereby risks and measures are being incorporated into the performance. Also,
several management dashboards can be setup, by which cause-effect relationships can be
discovered. This enables organizations to better monitor and manage their performance. In addition,
it becomes possible to set up a more efficient reporting process (which complies with internal
policies and external regulations, laws and regulations because reports are created from a single data
source). Examples of laws and policies are U.S. GAAP, Sarbanes Oxley, Solvency II and Basel III, but
also for sector specific and country specific rules.
2.2 Trends within in the software market
In the software market for integrated reports three developments are visible (they are partly
identified in the afore-mentioned studies by Gartner and Forester). First the fusion of functionality
for budgeting, consolidation and reporting functionality for performance management. From a
computerized CPM platform management reporting and statutory reporting requirements are
produced (Gartner Q3, 2011). The second development is the fusion of Governance, Risk and
Compliance functionality into enterprise GRC platforms. The functionalities used for Enterprise GRC
are Policy Management, Risk Management (ERM), Audit Management, IT Governance, compliance to
![Page 2: Modern CFO in control with integrated software CPM-GRC](https://reader036.fdocuments.in/reader036/viewer/2022081809/559aed211a28ab9e218b45e8/html5/thumbnails/2.jpg)
laws and regulations (country-specific, product specific, sector-specific) (Forrester Q4, 2011). The
third development is the fusion between CPM and GRC reporting functionality to "unified platform".
A single reporting system is positioned as a shell on all operating systems and reporting tools. This
allows that both internal and external reports are made, which includes the impact of risks and Risk
Management on the performance of the organization (or parts thereof) and the valuation of the
assets which are displayed.
3. CPM/GRC: business case
The following business case provides insight into the benefits of working with integrated software
packages for CPM and GRC.
3.1 Business case description
A large Dutch insurance company has offices worldwide. Because the company operates under the
Solvency II legislation, external reports should clearly state whether the group continues to meet its
long term obligations. Solvency II requires that core risks are taken into account when valuing assets
and liabilities. Solvency II also obliges that scenarios on the development of operational results are
outlined together with the disclosure of annual figures. Further it must be stated that the
organization complies to all relevant laws and regulations.
Therefore it is mandatory that risk models (for determination of risk values), actuarial models (for the
valuation of reserves) and other valuation rules for the capital must be synchronized. Furthermore,
the corporation and each subsidiary organization must comply to policies and regulations of the
country of residence.
In this insurance company, monthly management reports are completed by each subsidiary
organization. These reports are analyzed at group level, consolidated and presented to the group
management. In these reports, results at different levels are compared to budget, policy agreements
etc. Periodic reports are also presented to the Supervisor, the Dutch Central Bank. In practice, several
software systems and spread sheets are used for the creation of the various reports. This makes the
reporting architecture and data management extraordinarily complex and difficult to maintain.
3.2 Advantages of the usage of a unified platform
The following advantages can be realized by using a unified platform:
When formulating policy and organizational objectives and priorities, performance indicators and key
risks in relation to each other are determined. This happens at different levels: group, countries, etc.
These products will be included in the budgeting and reporting system and the underlying operating
systems. Also, this is the software which will be used for financial analysis, actuarial modelling, risk
modelling, process controls, transaction monitoring, IT controls, audit and policy management.
It is required that it is predetermined which data sets will be used for reports and analyses. This
applies to the entire group at all levels.
In the unified platform, both the reporting structure and the standardized process (using workflow
and (master) data management) are automated at all levels. Budgeting and performance is better
aligned and the impact of risks and risk management on the value/performance can (automatically)
![Page 3: Modern CFO in control with integrated software CPM-GRC](https://reader036.fdocuments.in/reader036/viewer/2022081809/559aed211a28ab9e218b45e8/html5/thumbnails/3.jpg)
be determined. Actions resulting from the analyses are directly enforceable by (line) managers and
executives. This is the core of Solvency II, to ensure that the insurance is in control. The manual
spread sheets and individual reporting systems that were formerly used for these actions can be
abandoned. Not only is speed (reporting logistics) and more available time for analysis, but also
better matching reports a great advantage. Thus, both the group and the regional CFO’s gain control
over their reporting process.
The ICT architecture and database structure can be simplified. Ideally only one reporting system is
used. This leads to less connections to other systems. With a unified platform this organization is
capable to deliver all required Solvency II reports in the required format. This applies to the group,
but also to countries, products and insurance groups.
Based on the information in this business case it is expected that with the usage of a unified
platform, the budgeting, reporting and disclosure process can be improved by 10 to 15 per cent. No
more discussions about the accuracy of the reports, a quicker and more reliable analyses can be
realized, the reporting process is standardised and transparent for the entire group. Furthermore,
the impact of risks is incorporated in all performance figures. This makes it easier to manage the
organisation based upon concrete information. Last but not least, the CFO is sure that all reports
comply with internal policies, laws and regulations. Thus the CFO is more in control than ever before
and enables the CFO to become an even better business partner for line managers and the board of
the organization.
Conclusion
Due to a strong increase in (both national and international) laws and regulations the need to be fully
'in control' over the reporting process is a hotter topic than ever. GRC cannot be separated from
organizational performance. The integration of CPM and GRC is mostly a basic requirement. A unified
platform offer opportunities to set up the reporting process in a consistent, accurate way. The CFO is
responsible for the reporting process and needs to be fully 'in control' and is therefore ideally suited
to act as a director in the creation of a more efficient and accurate reporting process.
Authors: Mario Halfhide and Pim van der Lienden from SeederDeBoer Management Consultants