For those of us tasked with accelerating the transformation of our organisations into the digital future, we are confronted with the need to balance the speed of the “change” with the ability to maintain the integrity and growth of our day to day “run” of our current businesses, while managing risks and remediating control gaps.
Our operating environment, while still challenging, in the financial services industry (post Royal Commission) but also most other B2C businesses, the scale and speed of change is driving an ever increasing burden with managing and controlling both our old and new environments, with the former requiring more investment to remediate or refresh to an ever higher bar – cannibalising investment to make the “new world” better. Looking forward, operational resilience in a post Covid, Ukraine & Optus world – with FAR regulations around the corner – will receive a growing share of both management, Board and regulator focus.
The sheer volume of risks and associated “wild & siloed” controls growth drives increasing complexity and thus also the challenge and costs of managing these controls & environments. Testing of these controls can only be manually performed now via sampling or spot checking in a 3 lines of defence world and threatens to become a tick-a box process, looking backwards rather than an effective pro-active control via deep understanding, including calibrating and testing, to properly mitigate the ongoing risks. The attached two-minute video gives an interesting view on the problem The Control Environment Industry Challenge.
Part of the cause of the problem is potentially also the solution – data, big or otherwise, and how we incorporate intelligence into this process to provide actionable insights to:
- Simplify and map these controls based upon best practise across industry,
- Provide understanding and allow the remediation of existing control gaps and the removal of duplicated or overlapping controls.
- Proactively managing of the entire operational business with predictive insights
The most likely successful path I see is though accelerated leverage of new data, RegTech and AI capabilities.A path that provides security, sustainability and is affordable - to solve our current problems and generate the room for investment in the necessary transformation to earn a place in the digital future.
Would be interested in your thoughts – especially with APRA’s new cross-industry Prudential Standard CPS230 Operational Risk Management?