with generally accepted accounting principles and other applicable
regulations. The certifiability of the numbers being reported depends in large
measure on GRC activities such as segregation of duties. If this groundwork
has been laid, executives can have confidence in their statutory reporting.
Although CPM is concerned with the meaning of the numbers, GRC is
concerned with the traceability and auditability of the processes used to create
those numbers.
With respect to modeling, both CPM and GRC create many models of correct
or desired activity and then detect and measure variances from the model.
The core components of CPM and GRC are correlated. They are so similar
and have so many overlapping aspects that it seems obvious that they
should be addressed in a synchronized and integrated manner. But in
practice, this is rarely the case for a variety of reasons. In the next section, we
explore the case for an integrated approach to CPM and GRC and the barriers
in the way.
Making the Case for CPM and GRC Integration
The case for an integrated approach to CPM and GRC amounts to the
following argument:
- Both CPM and GRC are involved with monitoring business activity.
- Both CPM and GRC are part of virtually every business process in the
  enterprise.
- When designing a business process, the needs of both CPM and GRC
  should be incorporated so that monitoring, compliance, and risk
  management are part of the normal way of doing business.
- Addressing CPM and GRC in an integrated fashion will result in cost
  savings, better information, and improvements in the quality of both CPM
  and GRC processes.
Companies set their overall business strategy and need to tie in the key
risks associated with it. For example, say that a company’s
key strategy is to enter the Chinese market. The KPI for this objective is to
grow market share in China by 10 percent of the company’s overall revenue
while investing only $5 million on the overall plan. Before the company executes
on this key objective of entering the Chinese market, management needs to
know what risks are involved, such as infrastructure, resources, market
conditions, and regulations. Besides evaluating the risks of entering
the Chinese market, how will the company track against the $5 million plan