
The Leonardo Blog


Linking GRC and BPM: Governance Risk Compliance and Business Process Management


Business Process Management and Governance Risk & Compliance Management: two separate worlds?

If you read a Leonardo Consulting newsletter, you would not be surprised to find Business Process Management (BPM) in the headline. Less common is the topic of Governance, Risk & Compliance (GRC), which is becoming more and more important: quality standards (e.g. ISO 9000) in various business areas, as well as laws and regulations, have been introduced and are binding. This article puts a spotlight on both management areas to illustrate how they are linked to each other.

Business Process Management is well known as an approach to improving an organisation’s processes by aligning all relevant aspects of the organisation to promote effectiveness and efficiency. Corporate Governance describes the regulatory framework for target-oriented, responsible and ethical administration and regulated control of organisations in accordance with existing law. Risk Management integrates the handling of risks that threaten the achievement of strategic and operational business objectives, and therefore covers topics such as risk identification, risk evaluation, risk mitigation and risk monitoring. Last but not least, Compliance Management is the fulfilment of all relevant internal and external, binding and voluntary requirements of all stakeholders. So much for the definitions, but how are the GRC topics related to BPM?

A good example is the Internal Control System (ICS). Influenced by the US Sarbanes-Oxley Act of 2002, which put a spotlight on processes and process steps that carry risk, as well as on reasonable controls and their ongoing execution, the ICS has become more and more common and important. See also the best-practice guidelines set by the Australian Stock Exchange (ASX), which request that companies implement a risk-management process, along with its assessment, within their Risk & Control Management systems. The guideline is not compulsory for organisations to follow, but it makes one thing obvious: there is no business without business processes, and these processes and process steps carry risks. Business Process Management is therefore an ideal basis for risk evaluation, risk mitigation and risk monitoring.

The existing process knowledge should be used to support Risk Management in these tasks. Once the risks have been identified, the next step is to set up appropriate controls that mitigate the evaluated risks. If specific laws have to be followed (e.g. SOx, with its financial focus), the relevant process areas are clearly defined. BPM can support these compliance aspects by providing the process knowledge and, if any tools are used, by maintaining and communicating the GRC-related data. Risks and controls could be assigned to process steps and specified with responsibilities and with information about application systems or about the tests to be executed to ensure the controls’ effectiveness. The BPM repository, if a tool including a database is used, would ensure a sustainable approach by offering GRC-specific reports or by holding the data required to feed a workflow tool that handles the risk evaluation as well as the testing of designed and implemented controls.

These are just two examples of the various business cases in which BPM and GRC are linked to each other. In conclusion, it is worthwhile to look at BPM and GRC questions in a combined approach, as the two management areas contribute to each other in specific business areas, and the effectiveness and efficiency of both BPM- and GRC-related aspects could therefore be increased.
