ISACA Journal Author Blog

ISACA > Journal > Practically Speaking Blog > Posts > Operational Transformation: From Risk Management to Value Creation

Operational Transformation:  From Risk Management to Value Creation

| Published: 1/16/2012 8:09 AM | Permalink | Email this Post | Comments (1)
Angsuman Dutta and Prasad Sista
With increasing pressures to cut costs and improve efficiency, accelerating need for accurate, real-time operational information for decision making, and an expanding array of regulations calling for greater visibility and transparency, leading organizations are transforming their back-office operations to align and integrate multiple objectives such as risk management, process improvement and performance measurement.
Back-office operations can be categorized into three fundamental types of processes: 
  • Core processes—Capturing, processing, recording, accounting and reporting transactions originated at the front office. Examples include claims processing, payments and accounting.
  • Management processes—Includes balancing and reconciliation, monitoring and measurement to ensure integrity, and performance. Examples include risk management and control initiatives.
  • Governance processes—Internal and external audit as well as risk assessment, to test, validate and certify the integrity of the core and management processes. Examples include internal and external audit and certifications.
Inefficiencies, risks and performance issues in these processes stem from multiple sources including information silos corresponding to product lines, mergers and acquisitions, and the prevalence of manual steps. Leading organizations primarily in the financial services sector have initiated projects to achieve operational transformation at all levels:  core operations, operations management and operations governance. Some of the repeat themes across these projects are automation, standardization, centralization and innovation. These themes drove large transformational initiatives in the core processes of organizations. We are now seeing the same themes applied to the management and governance layer primarily in:
  • Operational control—A system of checks, balances and reconciliations. Automation of controls reduces manual processing, thereby reducing cycle time and risks associated with the process, and greatly improving its performance.
  • Operational insight—Allows for real-time information to be consistently monitored ensuring end-to-end business visibility into operations, resulting in better decisions in near real time.
  • Operational improvement—Heavily reliant upon measurement. Automated measurement enables real-time reports that help operational managers to keep track of process performance and user productivity.
The emerging trends of automation, standardization, centralization and innovation of operations management processes, such as controls, monitoring and measurement, have created a path for organizations to gain efficiencies in their back-office operations while simultaneously reducing operational risk. This path is timely in the current economic environment that demands organizations to quickly adjust to the new, normal economic reality of doing more with less.
Read Angsuman Dutta and Prasad Sista’s recent Journal article:
Information Risk Management for Supporting a Basel II Initiative,” ISACA Journal, volume 1, 2012


This article sounds like more of the same under a different name.

I agree with all of the comments made about business reliance on technical operations, performance management, and risk management.  However, why do we need to give it a different name - we have always known that risk management and IT governance created value.  Are we now to change the names of our organizations to the Value Creation department?
DonnaH at 1/18/2012 9:09 AM