An Application Platform Approach for Compliance and Risk Management
Organizations must align strategies to meet regulatory guidelines and reduce operational risk. Businesses of all types cannot afford process errors and data breaches, which has led to large investments to secure data and assets.
Now, combine the fast-paced world of digital business and access to new sources of data, and organizations find themselves investing even more in compliance management.
Forward-looking companies are using the best of enterprise IT software to adopt applications built on defined workflows, fixed business rules and process automation, so that compliance monitoring is as accurate and safe as possible and risk is mitigated.
A panel session at Appian World 2015 featured an interactive Q&A session with leaders across mainstream industries including financial services, pharmaceuticals, and professional services, who have all introduced a modern approach to custom software with Appian to become highly compliant in order to meet business objectives. The panel featured Josh Seeman, Director, Process and Software Quality, Janus Capital; Neil Sanford, Assistant Director, BPM and Architecture, Sanofi; and Marck Aghnatios, Director, Advisory, KPMG.
Below is a recap of the Q&A panel session:
What are some of the larger challenges in understanding cross-business risks, especially in understanding ‘in-the-moment’ triggers?
“The challenges are around access to data,” said Aghnatios of KPMG. “More importantly, who can access the data and where it is being accessed. Data must be made accessible, as this is essential for the organization to define process, but all data must be in compliance at all times.”
Are there opportunities to unify process across silos and gain ability to shift decision making with better information?
“There are so many rules and regulations in place that must be taken into consideration,” said Sanford of Sanofi. “We have systems in place across each application that are customized within Appian to each data source in order to meet compliance. Standardizing data across multiple business operations on a single platform is huge for successfully managing risk.”
How can firms manage oversight of work more effectively and establish clearer levels of accountability?
“Human change management is huge right now,” said Seeman of Janus Capital. “The way people work now is not the way they will work in the future. There is an accountability everyone owes with risk. The challenge is what needs to be implemented in order to improve compliance and mitigate risk.”
“It’s important that when risk surfaces, you must make sure it does not affect the entire organization,” said Sanford. “You must have your IT teams in place organization-wide to address even the smallest issues in the quickest way possible.”
How are you and your clients striking the right balance between risk and return?
“Everyone in this room has been subject to a process error, and that issue often gets resolved by someone outside the organization,” said Seeman. “This results in organizations becoming too resource-heavy. It’s important to create knowledge workers who are ingrained in your processes and can resolve errors quickly to strike the right balance between risk and reward.”
“The risk and reward tolerance varies by industry,” said Aghnatios. “Things in the financial services arena may be different than in pharmaceuticals as far as what is deemed as a risk. You must establish and define early on with each project what the risk tolerance must be.”
How have recent data breaches impacted your organization?
“I have a specific environment of workers who are dedicated to entirely monitoring information and data across our systems,” said Seeman.
“We are very careful as to the information we make available,” said Sanford. “For this reason, our applications are hosted in an on-premise environment. Cloud is making huge strides in this area, but our organization is not ready to make that jump.”
“You have to define your hosting environment to help mitigate a data breach,” said Aghnatios. “Given the sensitivity of data, certain applications will be able to be hosted in the cloud, while others must remain on-premise. It’s all about defining the business before implementing.”
-Mike Ingrisano, Media Relations Manager