Although Risk Management draws lot of interest universally, it is something like individual spirituality – everyone has their own perception and opinion of what it means to them. There are 2 aspects of any Risk Management program
- Defining the standard process and ensuring availability of process guidelines to people that matter, their acknowledgement and understanding of the definition
- “Auditing” that the process is executed as per definition with a focus on continuous learning to improve both the internalisation and execution of the process
An effective Enterprise Data Management (EDM) strategy plays a significant role in supporting an organisation’s Risk Management initiatives.
On the one hand it helps to organize the Policy documents, manage their versions as the processes mature and their documentation undergoes change. These are easily retrievable by team members who may access the documents on a need to know basis. At all times an EDM tool would maintain audit trails to record all acts of omission and commission. This exercise helps to build and cement an organisations assurance framework and send out a clear message on the organisation’s governance efforts.
On the other hand, at the execution end, it becomes imperative to associate documents with the transactions as they happen, which would assist the auditors with the “place for everything and everything in its place” approach. When they do an audit of the core systems (ERP / Core Banking application etc.) the documents are attached to the transaction and are easily retrievable at the click of the button instead of a disjointed existence – data in computers and documents in some offsite location. This saves time for both the auditor & the auditee. This more efficient mechanism ensures that the audit team can have a larger footprint (more transactions / locations / departments covered) within the quarterly deadlines.