My Week In BPM #23 – An outside in view on risk management
Blog: Aris BPM Blog
A special episode this week for my blog… I have a co-author! I have been sharing my thoughts on the combined universe of risk & control management and #BPM. During these first couple of blogs on this topic, our team expanded in the person of Andrea Beltan Gomez, an expert on risk & compliance management with extensive business experience in the financial industry. To celebrate this, I am not going to share my thoughts today, but hers.
I’ve interviewed Andrea and asked about her opinion on a couple of on-topic questions. Please find her answers below:
CJ: Can you briefly introduce yourself to our customers and other readers?
AB: I have been participating in organizations on both sides of the desk (consulting companies and in-house), mainly in Financial Industries.
The main objective of my previous teams has been supporting Risk Minimization via frameworks and technology implementation, recently in Operational Risk (IT, Information Security and Business Resilience).
By joining SAG I will keep cooperating on those matters with our customers; that would be an exciting path!
CJ: What do you believe is the biggest pitfall for companies when dealing with risk & compliance management?
AB: Companies are facing many challenges; new regulations and technologies increase complexity. However, there are big companies with complex business models that successfully overcome them.
Organizations are very good at creating mitigation actions or monitoring risks; however, risk determination and scoring are still big challenges for some of them. A good integrated tool and risk assessments could support these tasks properly and balance the complexity of challenges.
CJ: Do you see process management and Risk & Compliance Management converge or diverge in the foreseeable future?
AB: I believe that Risk Management and Compliance Management should converge, and on top of that both of them should converge with the wider business process management. Risks arise from different causes (including uncertainty and predictable scenarios), and the purpose of Compliance Management is to ensure that requirements, e.g. regulatory requirements, policies, procedures and standards, are followed.
Ideally, organizations should manage to align procedures with controls or steps to mitigate risks and regulatory requirements, and these procedures need to be aligned with the business processes in which they play a role. Updated documentation is essential to manage risks, control libraries and different kinds of requirements.
CJ: What little nugget of advice would you give to companies who seek to make their risk & compliance management more sustainable?
AB: Based on my experience, organizations could consider the following:
- Spending time determining new risks is very useful; risks can appear at any time…
- Update risk scoring and manage the alignment with the business processes accordingly
- Align procedures with controls or steps to mitigate risks and comply with regulatory requirements; you will be fine for readiness for audit and audit reviews.
- Determine roles and responsibilities in early stages and update them if required (e.g. risk owners, control owners, action owners, process owners)
As you can read from Andrea’s feedback and answers, there is a massive potential for improving the way organizations deal with risk & compliance management, supported by a wider business process management approach. In the end, and I keep repeating that, it’s the business process that connects virtually all other enterprise artifacts together.
I would like to thank Andrea for her contribution to this blog and wish her lots of success in our team 🙂
Have a great weekend!