About UsThe Decision Factor offers insightful comments and observations on analytics—from views on new technology approaches and market dynamics to the latest industry trends driving demand for faster, smarter information analysis. This blog contains personal views, thoughts, and opinions from SAP employees, mentors, and friends working in the area of analytics. It’s not endorsed by SAP nor does it constitute an official communication of SAP. |
Posted by: Bruce McCuaig April 18, 2013  I am trying to anticipate the impact of in-memory processing on governance, risk, and compliance (GRC) activities. What will it mean to risk, compliance, audit, and other GRC professionals when we have the ability to scan and analyze millions of pieces of data almost instantly? How will professional practices change? How will our reports and their content adapt? How will predictive analytics help us plan?
How Will In Memory Processing Impact GRC?
To get a glimpse of the future of GRC, I think it helps to consider live …
Read the rest of this entry
Posted by: Norman Marks March 14, 2013  Many internal auditor’s want an answer to the question, how do we put a value on internal audit.
Let’s answer another question first: what is the value of a home? The correct answer is that a house is worth what somebody is willing to pay for it.
Now, what is the value of an internal audit function? The correct answer is that it is worth what the board is willing to pay for it.
The value is not some mythical calculation based on the value of process …
Read the rest of this entry
Posted by: Norman Marks March 5, 2013 
A report from the consulting firm, McKinsey & Company, shares valuable insights on the topic of “How ‘social intelligence’ can drive decisions.” Not only is this an interesting read, but governance, risk, and assurance professionals should recognize the risk of not being intelligent and failing to mine the information available in social media. As the authors say, “The costs of navigating without a social-intelligence map can be substantial.” They should also understand the …
Read the rest of this entry
Posted by: Norman Marks February 12, 2013  Are you still using the same personal mobile phone and tablet in your personal life as you did just 3 years ago? Most are quick to adopt new technology and all its capabilities, such as the iPhone 4 or 5, iPad with Retina Display or the Samsung Galaxy.
But I am going to guess that most of you are using the same technology as you used in 2010 (if not much older) in your work life – whether …
Read the rest of this entry
Posted by: Bruce McCuaig February 7, 2013  In a recent interview I was asked, “what is mobile GRC, and how does it help?”
Afterwards, I realized that I had underestimated the potential impact of mobility on governance, risk, and compliance.
Years ago, Marshall McLuhan, an early prophet of the electronic age, coined the phrase “the medium is the message.” Many scholars have attempted to interpret this rather enigmatic phrase. My view is that the interpretation is simple and the implications profound.
The attributes and many of the benefits of mobile technologies in GRC are …
Read the rest of this entry
Posted by: Bruce McCuaig January 17, 2013  In my last blog, Control Effectiveness—Is the Glass Half Empty?, I examined how control effectiveness is often measured incompletely and inaccurately. Let’s look at what we learned and discuss a better way to determine effectiveness.
There are three lessons we can learn about making conclusions on control effectiveness:
Controls’ effectiveness can’t be measured against “control objectives”. Control effectiveness can only be measured against the broader, business (or in the examples, community and therapeutic) objectives. (Most of the major corporate failures we have seen in the …
Read the rest of this entry
Posted by: Bruce McCuaig January 15, 2013  Control effectiveness opinions are what we expect from auditors. But what does a control effectiveness opinion really tell us?
None of us would conclude a glass is half full without knowing how big the glass actually is. The amount of liquid currently in a glass doesn’t tell you anything unless you know how much liquid the glass will hold.
Similarly, control effectiveness opinions are often based on knowing only half the facts. Many, if not most, of the major corporate failures …
Read the rest of this entry
Posted by: Greg Ertel January 8, 2013  There are many ways people rationalize away risk when it comes to their companies. Ever heard someone say, “We don’t manufacture a tangible product, therefore, we’re not at risk for global trade violations”? Or, “We only sell to domestic markets.” Or even, “Our product is simple and clearly for civilian use, so it poses no military threat.” Assumptions like these could be putting your company at extreme risk.
Screening Business Partners Is Good
Companies that do any type of business must, at a minimum, screen …
Read the rest of this entry
Posted by: Norman Marks January 3, 2013  Each of us, in our personal lives, has suffered with people who don’t have anything good to say. All they do is carp and point out all your mistakes, even when they are not mistakes.
The back seat driver is the epitome of this annoying individual. He doesn’t participate in helping you get to your destination, but just annoys with complaints and pointing out when you missed your street.
The mother-in-law is another caricature of an individual that has nothing …
Read the rest of this entry
Posted by: Norman Marks January 1, 2013  The traditional answer is an emphatic “Yes!”
But times, they are a-changing.
Until now, detective controls have been based on a review of reports at the end of the day, week, month, etc. They are designed to detect errors that slipped past any controls earlier in the process. Detective controls are often, but not always, cheaper to operate; but the risk is higher that an error (deliberate or otherwise) may not be prevented and its detection may be too late to prevent a …
Read the rest of this entry
|
