Tips from PwC: use BPM to guard your business against risk.
80% of your processes are putting your business at risk. Get PwC’s 5 indicators that your BPM and risk management efforts may fail.
Most processes follow a simple, happy path, right? For instance, the customer makes an inquiry, you send them a quote, they place an order, you check availability and deliver the product, and once you bill the customer they make payment.
That may be the case about 20% of the time. But when risk enters the equation, the reality is quite different. Few processes are immune to risk.
James Goldsbury, Senior Manager, PwC Risk Assurance, says organizations can leverage business process management (BPM) to better manage those inevitable risks.
In James’ experience and according to PwC’s research, “Only around 20% of transactions follow what is defined as the happy flow. The remaining 80% follow a transactional flow that management may not be aware of, or that isn’t the defined flow for a particular process.”
Expect processes to be derailed by risk.
Although the concepts of process, risk and controls are well understood within the BPM community, organizations experience significant challenges when it comes to documenting processes and managing risk.
Why is that?
Process teams generally focus on capturing what is meant to happen – that 20% of the time when everything goes according to the happy flow – along with the what, when and how.
But what process documentation frequently doesn’t capture is the checks and balances – what the controls are. Process teams don’t consider what could go wrong and are even less likely to document what happens when processes break down.
The result is that senior management and the board don’t get a clear idea of the level of risk associated with a particular process. Ideally, senior executives need this information to be comfortable that the risks associated with business processes are being well managed.
4 factors that put your processes at risk.
The consequences of having unmitigated risks in your processes can be significant and could lead to your organization having to answer some challenging questions.
When the PwC audit team sees things go wrong in process and risk management, it’s usually because:
- 80% of the time, standard processes weren’t followed
- Not everyone knew what the processes were
- Senior execs didn’t anticipate the issues that could arise
- Insufficient controls were embedded in the processes
James suggests applying the Four Lines of Defence model to protect your organization and manage risks:
- First line of defence: Internal controls implemented by management
- Second line of defence: Management oversight and self-assurance
- Third line of defence: Internal audit
- Fourth line of defence: External financial audit
Nintex Promapp recently hosted a webinar with James where he walked through how to include the Four Lines of Defence model in business process management to prevent risks like media scrutiny, financial loss and reputational damage.
While you may not be able to make all your processes immune to risk, you will be able to rest easy that teams in your organization are aware of potential risks and know what to do when they arise.
View this webinar to learn how to use process management to guard your organization from risk.