Loan processing..................................................................................
Loan processing offers another example of the convergence of CPM and GRC.
The process of making loans in most financial institutions is highly distrib-
uted. Hundreds or thousands of people are involved in evaluating the risk in
each loan application and determining whether the loan meets the accept-
able parameters. The acceptable parameters change constantly as interest
rates and market conditions change.
Much of the processing of loans can be automated to improve the performance
of a company. In automating loan processing and approval, the loan must be
evaluated to determine if it meets certain parameters. One compliance issue
related to such automation called “configuration persistence.” It can be pos-
sible for someone to change the parameters in a system and then run a loan
through that is improper, fraudulent, or perhaps a legitimate exception. The
process of automation, which was introduced to increase performance, could
be supplemented by a compliance event that is raised each time the configu-
ration parameters are changed. If the change is not approved by an appropri-
ate person within a certain amount of time, it would be escalated to more
senior executives. In this way, automation to improve performance is
extended to address compliance.
Seeing CPM and GRC Integration in Practice............................................
In the next few sections, we look at a few more detailed examples that illustrate
the opportunity of CPM and GRC integration.
The intersection of actuals ...............................................................
CPM and GRC take a different view of actuals, the numbers that reflect the
financial and operational performance of a business. To CPM, the quantity
of these numbers is the important thing. (How much revenue? How much
expense? How much income?). To GRC, the traceability and auditability of
the numbers are primary. The best quality information is both accurate and
auditable.
But as anyone who has worked in accounting knows, no automated system
always gets everything right. Accountants and bookkeepers are always
making journal entries to correct the information collected about the busi-
ness. But as recent scandals have shown, journal entries may also be abused
to fraudulently influence financial reports.
Chapter 15: Turning On the Lights with GRC and CPM 289
