As a result of the current crisis in the banking sector, customers, the state and shareholders are equally doubtful of the effectiveness of risk management, internal control systems and their auditing through inspections and auditors. The most popular demands currently extend to more regulation, stricter controls and tougher penalties for non-compliance. This is counterproductive for the credit institutions, as they actually need to reduce their costs rather than spend more money on implementing new regulations. (...)
Current studies show that both the number of regulations and the costs associated with them are continuously increasing in companies. Paradoxically, the number and complexity of regulations have developed into a significant risk for companies. (...)
Best Practice 1: Looking down is permitted
It often makes more sense to redesign the appropriate controls than to check whether existing controls are suitable. In doing so, a top-down approach is recommended. (…)
Best Practice 2: Ultimate integration – created in house
Operational Risk, Compliance & Internal Controls and Internal Audit are often divisions that operate independently of each other in terms of method. Multiple regulations are mostly considered in isolation. A methodical comparison shows that the differences are generally a matter of nuances. The most significant differences often lie in the concepts, but not in their meaning and interpretation. (…)
Best Practice 3: Deflation – a good sign for risk and compliance projects
Even in a multi-regulatory environment, all GRC projects should be implemented in the long term by a central GRC policy unit. Such a central Project Management Office (PMO) can realize GRC projects, which are then specifically transferred to existing departments that cooperate closely with each other. In previous years, numerous compliance projects have been created in order to comply with new regulations in a timely manner. (…)
Risikomanager Edition 16/2009 – 8th of August 2009