SINGAPORE, 8 OCTOBER 2008 - There is an urgent need for large enterprises in Asia - particularly in the financial services sector - to take stock of their governance, risk and compliance (GRC) procedures as the global financial crisis unfolds, according to global IT management software provider CA.
Once the credit crunch and related financial storm calms, CA expects governments and financial regulators to crack down even harder and to introduce tougher enterprise governance, risk and compliance regulations.
Malcolm Lister, CA's vice president of alliances and industry solutions, Asia Pacific and Japan, said that the need for Asia enterprises to make sense of their GRC resources and activity is now urgent. Those that manage to do so can expect to save up to 20 per cent of their compliance costs and stand a much greater chance of weathering financial crises through good governance.
Major compliance cost
Lister cited a Deloitte global survey of financial institutions early this year which found that they spend at least 3.7 per cent of their net income on compliance alone.
He said that taking the DBS Bank, with a 2007 net income of SG$2.5 billion) as an example, savings of 10 20 per cent would amount to SG $10 - $20 million.
The key thing about governance, risk and compliance; the key requirement to enable effective decision making, is transparency, said Lister. And that is the one thing that is absolutely lacking globally at the moment.
I don't think there is any doubt, in view of the current turmoil, that there will be an increased requirement for transparency, in terms of positions and liquidity, from an external (government) point of view. Without any doubt there will also be an equal requirement, from enterprise boards, for senior management, for much greater transparency, so they can make better decisions.
He said this will likely lead to greater pressure on enterprise executives from the CFO, to the auditors and to the CIOs, who will face greater demands to very precisely quantify their IT outcomes and benefits, so the board can make informed decisions.
Confusing and complex regulations
Large multi-national enterprises can face up to 45 different sets of regulations with which they must comply, and tracking these manually is very difficult because, in many cases this information is fragmented across the enterprise and recorded on thousands of spreadsheets, controlled by diverse internal managers.
CA serves customers in more than 140 countries. It offers a system called GRC Manager which they say provides portfolio management of IT risks across the enterprise, as well as IT control automation solutions. CA says that GRC Manager also enables customers to map their diverse IT risks and controls to specific legislative mandates, industry regulations, and corporate policies.
Sign up for CIO Asia eNewsletters.