BPM, EA and Compliance

A few years ago, I was invited to join a debate forum belonging to a group of companies that, despite not being involved with the financial segment, discussed the workings of each other’s internal controls areas, SOX compliance and benchmarking practices.

First of all, why were BPM and EA specialists invited to this forum, and second, why am I publishing matters of internal controls in a BPM area that contributes to the subjects of Enterprise Architecture?

Both BPM and EA may be considered control mechanisms that contribute to the mitigation of risks arising from a lack of synergy between various business variables, providing decision makers with a safe and systemic view of the company.

One example to illustrate the situation above is the development initiative (Innovation project) of a new product or service that needs to be documented with its main “artifacts.”

With the appropriate tool, one that supports EA, it is possible to understand not only the deployment of strategic goals and the technical and economic viability of the project, but also the potential benefits to income and operating costs, both of which support business continuity. By employing a standardized process and tools to support EA, we get a disciplined, continuous recording method that keeps historical data available for reuse, allowing for better analysis across different projects.

Both the management KPIs (which are also architecture artifacts) and the short-term goals (which are represented in the architecture) are considered project guidelines, and these artifacts are intrinsically related not only to the impact on strategic processes, but also to people and technology, by means of the Enterprise Architecture. In this way, any risk of not achieving the pursued goals is identified and measured, and the controls that mitigate these risks are also identified and represented in the Architecture.

Therefore, the above approach is considered strategic because the development process of a new product or service is directly linked to the Company Mission; the business strategy aims to attain core competence backed by key success factors, which support goals that meet customer expectations while also generating income to pay creditors and profit for shareholders, consequently providing for the continuity of the business.

When an architecture represents the other operational artifacts related to the variables that deliver the products and services provided by the Organization, and when a common language is used, communication gaps are reduced. These operational artifacts (which are planned on the operational level to support a given strategy) are periodically published and updated as part of the activities within a BPM and/or EA structure, enabling and improving communication.

It is also possible to take advantage of the company’s representation and common language to identify and measure operational risks, from business and support processes to the Information Technology artifacts, in a way that contributes directly to the control principles behind SOX, which often permeate the organization’s processes and cover the entire Supply Chain.

But what about market and credit risks? They are also a part of any business, and they too can be represented as architecture artifacts, enabling greater visibility of their impact on the company’s surroundings. The risks intrinsic to economic changes result in impacts to products or services, so the income estimate must be revised as a control measure. One example of credit risk is a change in lending policies that may impair the company’s ability to improve its working capital. Such a risk demands systematic monitoring by means of the Income Statement for the Fiscal Year, working capital and conservative disbursement actions through supplier negotiations.

Therefore, it is possible to demonstrate that associating risk management methodology with BPM and Business Architecture is viable, and that this approach also contributes to the systemic view of the company and to resource reuse. When analyzing the various Enterprise Risk Management (ERM) methodologies, it is clear that a representation of enterprise processes is needed for identifying operational risks and possible risk mitigation controls. These processes are supported not only by technology, but also by people, so that the business goals can be achieved. Thus, you get high conformity standards when:

  • You have a wider view of the Organization (in accordance with the level of maturity and discipline of the company)
  • You optimize the resources consumed for the delivery of products and services
  • You employ internal controls and risk management with BPM and EA as viable solutions

Creative Commons License