
Strategic Aspects     39

                           control of technical experts does not make it possible to judge
                           alignment with regulatory requirements.

                              The opposite is also true: the more an IT system increases
                           its transparency by using business repositories, especially
                           master data and business rules repositories, the more a
                           company has a determining advantage to act on markets in a
                           way that conforms to law. A process repository (a.k.a. a
                           BPM) is less of a determining factor because legislation is
                           not interested in the way in which a company is organized.
                           Business regulations are more concerned with respect for
                           data and with rules traceability and auditability.

                           2.1.1.1. Compliance and governance risks

                              Faced with the pressure of regulations, a new corporate
                           management domain has appeared with Governance, Risks
                           management and Compliance (GRC), which aims to manage
                           the risks and guarantee successful sustainable development
                           for a company, while at the same time limiting errors and
                           fraud. Software vendors have dived into this field, proposing
                           business solutions for risk management. Sadly, most of this
                           business software suffers when it comes to integrating it
                           with the rest of an IT system, especially with the
                           synchronization of data repositories with those already in
                           place in a company. It is necessary to study the introduction
                           of this type of solution with care because there is a danger of
                           creating a new application silo, based on a risk management
                           scope, not in line with operational systems.


                              On the contrary, risk management must be integrated
                           with production systems. In order to do this, it is not enough
                           to place a new software package in the IT system landscape,
                           even if it were specialized in risk management. As long as IT
                           systems are not based on a unified, transparent and reliable
                           management of data repositories, risk management and
                           alignment with regulations will remain approximate.