EXCLUSIVE Risk Management: The Other Big Shared Services Benefit
Authors: Susan Hogan and Kyle Cheney
Shared services organizations (SSOs) have long enjoyed a well-deserved reputation for helping large companies to cut administrative costs. Now, in a world full of regulations and intense public scrutiny of corporate financial practices, another, less obvious shared services benefit is beginning to share the limelight: the ability to better manage risk. Done well, adopting shared services can help companies not only significantly reduce the risk of financial misstatements and fraud, but also increase audit and compliance efficiency. Here’s how.
How shared services works
An SSO is an in-house organization that consolidates business processes from multiple divisions, subsidiaries, or locations into one or several “shared” organizations to eliminate redundant processes, systems, and organizations. Most SSOs include finance processes such as accounts payable, fixed assets, and general accounting, many of which generate the raw data used for a company’s financial reporting and compliance activities. SSOs can also house information technology (IT) processes such as server management, data center operations, and security and controls. Typically, an IT SSO hosts the essential data (including financial data) and IT infrastructure used to run the business, providing data and applications to the operating units from a central location. Other processes often placed in an SSO include HR processes such as payroll, pension/benefit administration, and hiring and on-boarding; procurement processes such as purchase order processing, invoice entry, payment, and spend analysis; and sometimes even knowledge-based functions such as research and development, legal, and marketing.
Regardless of what processes they house, all SSOs strive for certain characteristics in order to deliver their cost-saving benefits. An SSO usually operates out of one or, at most, a few low-cost locations, resulting in a physical relocation of both people and processes from the business units. SSO processes are standardized and automated for efficiency, and SSO personnel and the SSO’s business-unit “customers” are expected to follow consistent procedures. Finally, SSOs find that using a single IT platform, especially if the same platform also supports the rest of the business, can improve their performance.
Shared services and risk management
The same factors that make shared services effective in lowering costs – consolidation, standardization, and streamlining – can also help companies improve the quality and reduce the cost of risk management. In fact, many organizations have already recognized the value of shared services in this area. In a 2007 Deloitte survey of shared services leaders, respondents reported that the benefit of improved controls due to shared services was nearly as important to their organizations as reduced operating costs.1 These improved controls, moreover, can help companies save money: 53 percent of the survey respondents reported that their SSOs made compliance with the Sarbanes-Oxley Act of 2002 (Sarbanes-Oxley) less expensive than it would have been without shared services.2
Improving risk management quality and reducing its cost are two key goals of Risk Intelligence, an enterprise-wide approach to risk that, among other things, helps an organization to more effectively manage risk across organizational silos, use standardized risk management processes and metrics, and consider risk management an organization-wide responsibility.3 Shared services can help organizations pursue a Risk Intelligent approach in a number of ways. Among the most important:
• Process standardization. Standardizing processes as part of a shared services implementation can improve enterprise-wide control effectiveness in two ways. First, standardizing SSO training programs and customizing the training to be specific to the SSO’s processes and systems allows all SSO personnel to be trained to follow the same procedures in the same way. This can help maintain common business processes, which are easier to monitor than disparate business processes. Second, when implementing an SSO, a company can evaluate the controls in place over each process at the business units, decide which controls are most effective, and implement the most effective practices at the SSO, bringing the entire SSO’s control effectiveness up to the standard formerly achieved by only the most effective business unit.
• Technology standardization. Standardized technology can improve information quality and reduce the probability of errors. If an SSO uses a single technology platform – especially if the business units also use that same platform – information can be processed more effectively than if data had to be converted to be compatible with different systems and applications or if it were manually managed using spreadsheets.
• Personnel consolidation. Centralizing the people doing the work – for example, the programmers responsible for maintaining a company’s IT environment – into a single location makes them easier to supervise, reducing the risk of fraud.
• Segregation of duties. At companies whose SSOs employ more people than were employed in back-office functions at any one business unit, the scale of the SSO may make it easier to maintain separation between key financial and IT-related responsibilities. The SSO’s size can allow the company to assign different parts of a sensitive task to different SSO staff, whereas a business unit may not have enough people to always do so.
• Separation from the business units. Separating certain processes from the business units can help companies implement checks and balances aimed at reducing fraud. For example, requiring an SSO to approve and process a purchase order submitted by a business unit can reduce the ability of a business-unit employee, acting on his or her own, to make fraudulent purchases.
• Process consolidation. Consolidating processes in the same physical location can improve audit efficiency by streamlining the testing of processes and controls required by Sarbanes-Oxley and other regulations. Instead of testing processes and controls at each business unit, the company’s internal and external auditors can perform the bulk of their testing on the consolidated processes and controls at the SSO, then give each business unit a certificate of the results (often referred to as a clearance memorandum) to support further compliance needs at the business-unit level.
• Automated controls. Automating controls as part of an SSO implementation – for example, enabling automated, systematic matching of accounts payable invoices to purchase orders and receivers – reduces opportunities for human error and fraud. In addition, automated application controls within an SSO’s standard software applications often need much less testing than manual controls, further reducing the effort needed for Sarbanes-Oxley compliance and internal audit. We have seen automation and process consolidation drive tremendous savings – savings that are typically not captured in the initial shared services business case – at companies that implement regional SSOs that take ownership of key internal controls, removing the burden and cost from each historical business unit audit.