Professional Documents
Culture Documents
Diagnostic
Enabling RT growth across APAC
1 April 2016
Today’s presenters
Page 2
Topics to cover
01
RT diagnostic 02
RT diagnostic as 0 3
Key target
overview a growth enabler clients
04
Execution of the 05
Collaborating with 0 6
Tracking opportunities
RT diagnostic the AAC RT team in CRM
Page 3
Learning objectives
Page 4
What is the
Risk Transformation
Diagnostic?
Enabling Growth
A new way of delivering a more effective and
Key Clients
impactful assessment of a client’s
Governance, risk management and
compliance (GRC) program
Execution
Collaboration
CRM Tracking
Page 6
Overview
RT diagnostic overview
The RT Diagnostic is focused on GRC
Enabling Growth
GRC
Key Clients
objectives
Execution
risks that impact the achievement of company’s business objectives
The RT
Collaboration
Diagnostic Provide rapid assessment of Highlight key areas Provide executives with a co-
current maturity for the functions of focus based on developed roadmap with
is designed involved in Governance, risk business forces and prioritized initiatives identified
to: management and compliance risk drivers for the organization and
processes accelerate resolution of
CRM Tracking
issues
Page 7
Overview
RT diagnostic overview
Understanding “G”, “R” and “C”
Enabling Growth
Governance Risk management Compliance
Key Clients
• Provides visibility into • Oversees and manages
compliance & risk
pertinent risks for enterprise’s response to
management
informed decision making regulatory requirements
• Aligns with organizational
objectives through policy
Execution
Enterprise level processes
► While GRC typically refers to “Governance, risk management and
Collaboration
compliance” as a singular concept, each of these three areas is unique in
the value it brings to the enterprise.
CRM Tracking
Page 8
Overview
RT diagnostic overview
5 dimensions of risk
Enabling Growth
Risk information fully
Risk is only considered
Governance integrated into performance
periodically and based
management and
Key Clients
on lagging information
decision making
Management
Risk champions throughout
Inconsistent processes,
business supported by
manual reporting,
consistent processes and
annual risk workshops
Execution
automated reporting
People Process Technology
Culture
Risk seen as a ‘painful’, ‘Risk culture’ fully embedded
compliance driven into organisational ethos and
requirement daily operations
Collaboration
CRM Tracking
Page 9
Overview
RT diagnostic
Project Lifecycle
Enabling Growth
Rapid assessment
Validation interviews Pre-Project
Evaluate & prioritize
GRC vision & strategy
Key Clients
Project
Measure value achieved Lifecycle
Execution
Document lessons learned
Demonstrate maturity
improvement
Refine roadmap
Post-Project
Collaboration
Prioritised implementation
Scope change management
Roadmap refinement for
tactical opportunities
Project
Implementation
CRM Tracking
Page 10
Why do we believe that
any company would
benefit from an RT
Diagnostic?
Overview
A mature risk management entails competitive advantage
Enabling
Growth
Key Clients
EY’s research and Our research suggests this
experience show that
In other terms, translates to competitive
organizations with more
mature risk management mature risk advantage: Companies with
practices outperform management more mature risk management
Execution
their peers financially. drives financial practices generated the highest
results
(From EY publication growth in revenue, EBITDA and
“Turn risk into results”) EBITDA/EV.
Collaboration
CRM Tracking
Page 12
RT diagnostic as a growth enabler
Overview
Changing how companies view risk
Enabling
Growth
All risks are threats. Some risks are threats. Other risks are opportunities.
Risk management is a compliance and an Risk management is a competitive advantage which
audit exercise drives financial performance.
Focus on: preventable risk Focus on: strategic, preventable and external risks
Key Clients
Execution
Silo view Business view
Collaboration
Manage the internal risks that I can control Manage the risks (both internal and external)
within my function that impact the business overall
CRM Tracking
and reduced costs
Page 13
RT diagnostic as a growth enabler
Overview
Our GRC Survey 2015 shows that there is room for improvement and
opportunities to be seized
Enabling
Growth
Organizations today are We found that organizations
challenged with a rapidly- While this creates many are making progress in
changing risk landscape challenges for improving the way they
including market volatility, organizations, it also manage risk in response to a
Key Clients
geopolitical crises, wide- presents an opportunity to changing risk landscape.
spread economic changes, take advantage of the However, there is further
regulatory reforms, and potential of risk room for improvement and
cyber threats. opportunities to be seized.
Execution
The RT
Collaboration
Diagnostic
is designed Identify areas for Prioritize the Translate them
improvement and the
to: opportunities to create
areas into actionable
items
value
CRM Tracking
Page 14
RT diagnostic as a growth enabler
Overview
Consistent, proven approach provided by the diagnostic drives
purposeful actions based on client’s needs and key risks
Sector Risk drivers Diagnostic approach Value to client Prioritized actions
Enabling
Growth
Teaming with Internal Audit to
Realized need for “2nd • Standardization and
assess “audit fatigue” and
line” risk & compliance integration of disparate
Healthcare consider how Governance, risk
resources & processes within the
management and compliance
immediately hired business unit
can be streamlined
• Teaming between Risk
Key Clients
Established partnership management and
Diagnostic used for interviews,
with ERM & obtained Compliance functions
Power & business case and roadmap
funding for multi-year • Organizational momentum
Utilities development as an expansion
development of eGRC for Governance, risk
of a Compliance framework
program & system management and
compliance initiatives
Identified opportunity to • Development of multi-year
Execution
Conduct survey-led diagnostic drive standardization roadmap
Media &
to cover 15 countries and 20 for Compliance to align • Governance & taxonomy
Entertainment areas of Compliance with company-wide org projects immediately scoped
redesign and requested
Used in conjunction with a Recognized the need • Follow-on projects included
control based review to assess to centralize, three key areas:
Manufacturing overall maturity of Governance, standardize, and • GRC PMO design
Collaboration
risk management and enhance its GRC • Delegation of authority
compliance capabilities processes • Information security
Holistic review of Governance, Development of broad • Policy project immediately
Diversified risk management and support for “One view scoped and requested
Industrial compliance across a of risk” across • Governance and technology
decentralized global footprint executive team enablement projects planned
CRM Tracking
Page 15
RT diagnostic as a growth enabler
Overview
Where have we already Where a similar approach is used
Enabling
Growth
performed the RT Diagnostic in APAC
Key Clients
Execution
Collaboration
CRM Tracking
Page 16
Who are the target
clients that can benefit
from the RT Diagnostic?
Overview
What drivers/triggers indicate that my client is ready for an RT Diagnostic?
Enabling Growth
Changes in
business New Chief Risk Decentralized Business case Lack of GRC
strategy or Officer (CRO) or operating support Technology in
direction Chief Ethics and models, place to support
(emerging Compliance acquisitions, risk reporting
markets, trends, Officer (CECO) organizational and decision
was appointed changes or making
Clients
competition,
Key
services, complex
customer operating
lifestyle, or environments
regulations)
Execution
Program An Enterprise Internal audit Lack of full Unclear
maturity review Risk review/ visibility and/or governance for
Management assessment of understanding risk
project (ERM) is enterprise GRC of how risk and management
Collaboration
being initiated compliance are and compliance
managed
CRM Tracking
Page 18
Key target clients
Overview
What drivers/triggers indicate that my client is ready for an RT Diagnostic?
Enabling Growth
Current state challenges Role of the RT diagnostic
Multiple and silo-d risk and/or Identify the need to develop a governance structure
Complex compliance activities at Simplified with centralized oversight and clear roles /
Corporate and entities responsibilities for Corporate and entities
Lack of clarity around areas of Orient the organization according to the three lines
responsibility of defense
Clients
Key
Risk & compliance Recognize overlaps, and gaps in existing processes and
Reactive implications not considered Proactive benefits of developing, documenting and formalizing
processes
until after starting new
business initiatives Highlight the importance of defining frameworks,
standard definitions, and common scales
Second line of defense is
Ascertain drivers for pain points highlighted in both
Execution
unclear on their role
interviews and surveys
“Fire drills” are common Categorize standards, guidelines and tracking needed
Inquires are driven more from for consistency
the business Identify trends / themes to drive program enhancements
Formal assessment processes to monitor operating
effectiveness of key compliance procedures and
Collaboration
controls
CRM Tracking
Page 19
Key target clients
Overview
We can execute a Diagnostic for any client – both Channel 1 & Channel 2
Enabling Growth
We can execute a Diagnostic for virtually any client, both Channel 1 &
Channel 2, as it is an assessment.
The SORT Service that RT Diagnostic rolls into is Risk Convergence (GFIS Code Global
Clients
Key
293). These type of services are allowed for Channel 1 clients, subject to certain
considerations which are all verified in the case of RT Diagnostic.
Execution
EY will not be designing EY will not be
nor implementing EY will not provide
performing monitoring
Collaboration
aspects of our client’s loan staff nor act in
or other client the capacity of a
financial process, management functions
system or internal client’s employee
controls.
CRM Tracking
Page 20
How is the RT Diagnostic
executed?
Overview
How to use the RT Diagnostic
Enabling Growth
The enablers provide the level of
The materials provided in the RT detail needed to make this concrete
Diagnostic toolkit are to be used as at each of our clients but needs to
a starting point be customized to fit your client
Key Clients
needs
Execution
Output:
Questionnaire: Interviews: Workshops:
Planning GRC vision &
Rapid assessment Validation Prioritization
strategy
1. Utilize the 2. Finalize survey 4. Review results of 7. Conduct 8. Prepare final
Collaboration
slides and interview survey workshop(s) deliverable of
included to approach with the 5. Conduct meetings with executives vision and
plan and client with key client to co-develop roadmap
socialize the 3. Conduct survey stakeholders vision for GRC 9. Prepare
upcoming 6. Finalize maturity & and prioritize supporting
diagnostic potential initiatives initiatives business case
CRM Tracking
Page 22
Execution of the RT diagnostic
Overview
How to use materials on RT Diagnostic SharePoint
Enabling Growth
Key Clients
Execution
Collaboration
CRM Tracking
Page 23
Execution of the RT diagnostic
Overview
How to use materials on RT Diagnostic SharePoint
Enabling Growth
Documents on RT Diagnostic SharePoint to use
Key Clients
03 SOW Example
Planning 04 Sample Project Plan
05 Client Kickoff Deck
Questionnaire: 06a GRC Questionnaire Guide
Execution
Rapid 06 GRC Questionnaire
assessment 07 Framework and Maturity Model
4 phases of the RT
diagnostic method
Interviews:
09 Client Interview Agenda
Validation
Collaboration
Workshops:
11 Observation Log
Prioritization
Output:
GRC vision & 10 Sample work products and roadmaps
CRM Tracking
strategy
Page 24
Execution of the RT diagnostic
Overview
The RT Diagnostic has highlighted opportunities across a variety of
service offerings and service lines
Enabling Growth
Governance, risk management and compliance roadmap
Key Clients
Risk
Governance Compliance
management
Enterprise Risk Program Risk Risk & Controls
Execution
Policy development Regulatory Compliance
Management Management Transformation
FAAS, Cyber Security RCTS
REPM PRM RCTS
Analysis of tax Third Party Risk Cyber Program Finance and treasury
Finance Transformation risk management
implications Management Management (CPM)
PI FSO
Tax REPM Cyber Security
Manage changes to
Collaboration
Analytics IT Risk Management Transaction Advisory Fraud, Legal and Ethics
organization & people
EI ITRM TAS FIDS
P&OC
GRC Technology GRC Technology ERP Services (SAP,
Strategy Supply Chain
Assessment Enablement Oracle)
PI PI
RT RT RCTS
IA Co-sourcing IA Transformation Information Security Contract Risk Assurance SOCR Reporting
CRM Tracking
IA IA Cyber Security FAIT FAIT
Page 25
Overview
Execution of the RT diagnostic
General guidelines
Enabling Growth
Engagement Partner
Provide oversight
Key Clients
Guide engagement, perform interviews,
review work products
recommended, as shown.
Manager
Execution
Manage day-to-day execution, take notes
and draft documentation
Collaboration
a simpler diagnostic to $250,000 differentiated service and not
- $350,000 for a more complex intended to be provided
diagnostic covering multiple complementary, which would
sites and topics. discount its value.
CRM Tracking
Page 26
How can I leverage the
AAC RT team to start
having risk maturity
conversations with my
clients?
Overview
Enabling Growth
Leverage the RT Diagnostic resources
Key Clients
RT Diagnostic contact information
RT Diagnostic
and toolkit are posted in the RT
Yammer group
Diagnostic CHS page
Execution
Additional files to be released throughout the Talk to us!
coming weeks! Kathrin Becker
Collaboratio
e.g. Diagnostic questionnaire instruction guide, GRC operating
Dora Chan
n
model, Prioritization workshop materials & guidance
CRM Tracking
Page 28
Tracking opportunities in CRM
Overview
Please tag any and all opportunities in Interaction as shown below
Enabling Growth
Key Clients
From “Source of the
Execution
opportunity” drop-down
list, please select “Risk
Transformation
Diagnostic”
Collaboration
Tracking
CRM
Page 29
Tracking opportunities in CRM
Overview
Please tag any and all opportunities in Interaction as shown below
Enabling Growth
From “Centers of
Key Clients
excellence” drop-down
list, please select “AAC
- Risk Transformation”
Execution
Collaboration
Tracking
CRM
Page 30
Collaborating with the AAC RT team
Overview
Spread the word!
Enabling Growth
1 Leverage the RT Diagnostic resources: CHS and Yammer
Key Clients
Identify suitable clients for an RT Diagnostic on their GRC
3 processes and notify Kathrin/Dora for pipeline tracking
Execution
Set up meetings to review GRC survey results with key clients
4 to drive discussions on doing an RT Diagnostic
Collaboratio
5 Start NOW.
n
CRM Tracking
Page 31
Q&A
Page 32