Creating a digital risk framework and center of excellence

DRM and the role of the Controller: Part two

​In our previous post, we discussed the importance of digital risk management (DRM) as a digital governance framework and strategy that can help companies manage the risk associated with the end-to-end lifecycle of digital transformation involving advanced technologies. As the digital transformation of controllership, finance, and organizations moves into the landscape, DRM can help enhance controls while increasing return on investment (ROI) and protecting value.

July 13, 2018

A blog post by Julie Velayo, principal, Deloitte & Touche LLP

Building bots and managing risk is only a start to driving real value from an automation program; there is a need for governance and management of robotic process automation (RPA) processes on an ongoing basis. Creating a digital governance center of excellence can assist finance professionals and controllers in defining ownership of activities across the digital landscape and its associated risk management space. This can help structure the governance of digital technologies, increase the benefits of digital transformation, and empower a risk-controlled environment for complex technologies such as robotics, analytics, and cloud computing.

Back to top

How to create a center of excellence

The DRM framework consists of three main pillars—plan, enable, and monitor—that help structure risk management and assist controllers and finance professionals as they navigate ongoing digital transformation challenges.

Using these three pillars as a framework, one can begin to structure and organize a center of excellence for a more broad approach to RPA and other technologies. To begin, consider some of these specific decisions, impacts, and considerations within the three pillars:

Plan and align

  • Ongoing opportunity analysis: Deploy process selection standards and guidelines for determining potential ROI
  • Maintain ongoing risk assessments: Sponsor initial risk assessment, maintain ongoing risk metrics
  • Support organizational re-design: Define roles and responsibilities, manage human and digital workforce deployment
  • Encourage business case development: Maintain a process for future technology business cases

Enable processes and controls

  • Implement and maintain controls: Ensure the commensurate controls are in place and being maintained
  • Drive change management: Define standard process for executing changes to existing systems and structures
  • Address training and culture: Deploy role-based training; shift workforce to more strategic roles

Protect and monitor

  • Confirm regulatory and compliance adherence: Understand regulatory and compliance nuances as they relate to advanced technologies
  • Prepare for audit activities: Certify controls in preparation for potential audit activities
  • Maintain ongoing protections: Act as a central hub for cyber protection, brand and reputation monitoring, and crisis management activities
  • Outcome analysis: Perform ongoing measurements against defined key performance indicators (KPI)

Back to top

Benefits of a center of excellence

During our April 2018 Dbriefs webcast, more than 1,500 finance professionals responded to a poll noting that the responsibility of owning and governing digital technologies, such as robotics process automation, is localized within information technology (IT) departments (38.9 percent) or fragmented across each department that utilized the digital technology (15 percent).

Focusing ownership of digital solely on IT can be a barrier to realizing the value of digital technologies. Furthermore, a fragmented lack of ownership or central digital governance framework can also create inefficiencies and block the numerous benefits of a center of excellence. These benefits include:

  • Efficiency: Effective oversight procedures and change management processes increases the efficiency of digital technologies.
  • Quality and accuracy: Proper monitoring of technology performance improves outcomes and compliance, and empowers risk and processing error mitigation.
  • Resource shift to higher value work: Efficient digital technologies with demonstrated ROI lessen the need for manual control so resources can shift to higher value roles within the workforce.

When starting to, or even just thinking about, creating a center of excellence to organize and govern digital transformation, it is important to remember that it takes time. It does not have to begin with a large headcount allocation or resources outside budget confinements. Start by focusing on the digital governance framework, the guidelines, and the three pillars of digital risk management within your organization's current environment. Establishing a center of excellence for DRM should scalable, flexible, and can evolve with the ever-changing digital transformation of finance and controllership.

Back to top

​Visit the Controllership Insights blog for additional blog posts.

This publication contains general information only and Deloitte is not, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This publication is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte shall not be responsible for any loss sustained by any person who relies on this publication.

Fullwidth SCC. Do not delete! This box/component contains JavaScript that is needed on this page. This message will not be visible when page is activated.

Site-within-site Navigation. Do not delete! This box/component contains JavaScript that is needed on this page. This message will not be visible when page is activated.

Did you find this useful?