What's the future of Risk, Control and Compliance?
Centralized operating models and their benefits
Different shared service operating models bring different risks and benefits to your organization.
Businesses began to use shared service centers (SSCs) and outsourcing to improve back-office efficiency more than two decades ago. The intention was to move routine, transactional work to specialists who were dedicated to processing it more efficiently and at lower cost, leaving the business free to be more agile and focus on its customers.
The models used vary enormously — by degree of integration, by geographical location, by single versus multiple SSCs, by captive provider versus outsourcing (or a mix of the two), and by governance arrangements — but all share the same core drivers.
Cost savings remains a key objective, but now these objectives have extended to include benefits such as: process efficiencies, standardization, additional value and career opportunities for employees; talent sharing across traditional boundaries; innovation and the integration of mergers and acquisitions (M&A). All these result in the better use of time and resources for the retained business.
Different centralized operating models exist. A summary of the principal options is provided below, distinguishing between key decisions on:
- Organizational structure to be put in place
- Where the resources and capability will come from to support the new operating model
The benefits case
The core value of moving to a common and optimized set of risk, control and compliance activities can be defined across five key characteristics:
- Cost to serve
Minimizing the time and resources devoted to risk, controlling and compliance activities to reduce back-office costs and maximizing those devoted to front-office and market-facing activities.
- Risk management and compliance
The effective management of risks and compliance needs (risks and compliance needs understood, controls in place, risks and compliance monitored) — as defined within an agreed risk appetite.
The ability to integrate acquisitions and manage divestments swiftly and cost-effectively through the rapid deployment of a common risk, controls and compliance framework with monitoring capabilities.
The ability to flex risk and controlling activities and tolerances set as the inherent risks faced by organizational change. This would take into account new risks, as well as the changing profile of existing/known risks.
Provision of management information related to risk, controls and compliance that enables decision making through clarity of risk gaps to be addressed, and controls and compliance breaches that require remediation.