1. Excessive volume of automation tasks
2. A large number of disparate systems
3. Significant organizational coverage
4. Complexity and inefficiency of processes
5. Lack of a single stakeholder
6. Insufficient authority of executors
7. Low motivation of line managers
In addition to controlling the main KPIs, it is necessary to conduct a thorough analysis to identify potential risks and weaknesses of the project and constantly monitor their dynamics.
We must understand that an integrated system of risk management, internal control and internal audit t is born through an integrated interaction environment:
1. Inclusion of all company’s employees in the project (of course, with different responsibilities and volume of work).
2. Collecting data in one interface for centralized work and processing.
3. Embedding of risk management, internal control and internal audit tools into business applications and / or the ability to obtain the necessary structured information from databases.
4. Personal accounts, differentiation of access rights, a list of tasks, reminders and notifications.
5. Convenient, logical interface, program speed and quality, necessary data visualization.
Ideally, you need to put in the system a mechanism for monitoring organization’s material deviations of KPIs (including secondary KPIs), which management wishes to additionally control. The system should separately signal in case of such deviations.
Let's now figure out what means of identification, analysis and risk assessment We need to put into the system:
1. Maintenance of risk registers, incl. operational (at the level of processes), corporate (at the level of departments, directions), strategic.
2. Cascading risks to the levels of departments and processes with the function of centralized and decentralized control.
3. Maintenance of risk matrices with hierarchical classification and separate passports.
4. Project’s data storage and control of risks in relation to WBS and integration with the project management system.
6. Risk assessment with necessary control procedures identification and integration. Risks interrelationships analysis with the possibility of increasing individual risks.
7. Risks impact Assessment on the key indicator’s achievement.
8. Quantification tools, including simulation.
9. Risk-based budgeting using a deterministic approach and probabilistic forecasting.
In the next article, we'll take a closer look at control environments, the three lines of defense, communication, and my approach to project implementation. If you are interested in risk management, internal control and internal audit systems implementation in your company, then I will be happy to help in such projects. Please contact me through my website: https://akonnov.ru/ or through my Telegram channel: https://t.me/biz_in