Responsibility in the Control Ecosystem

In every Business Risk & Control environment a maker / checker principle is adopted. Within more developed approaches the question of the relationship between those two functions becomes a central point of calibrating the Control Ecosystem.

Model 1: “Checker” is just responsible for verification of control execution once implemented. On delay of implementation, the checker remains ‘compliant’.

Model 2: “Checker” is responsible for verification, whether or not the control is implemented. On delay of implementation, the checker also falls ‘incompliant’.

Model 1
Advantage: Fair attribution of the original source of delay
Disadvantage: No motivation for the “checker” to ensure control implementation

Model 2
Advantage: “Checker” is motivated to ensure the control is implemented, or he will become overdue
Disadvantage: Unfair status for the “checker” if the “maker” is delayed
Disadvantage: “Checker” may become biased in control verification if he was pushing the “maker”

While Model 2 appears to provide a significant benefit by creating internal dynamics within the organization to implement controls, the risk that the “checker” becomes biased increases. If the “checker” engages in the implementation of the control, his verification might be impacted. While every business risk & control ecosystem looks different, it appears that this problem can be circumvented by a proper definition of the verification steps and required evidence.

As highlighted, both approaches appear to have advantages and disadvantages, but detailed knowledge of these may give the organization a basis for deciding on an appropriate structure for itself.

The Business Risk & Control Management Solution from digital-media-lab allows calibrating the control ecosystem between “maker” and “checker” to exploit the dynamics listed above. Furthermore, the statistics modules provide interesting insights into the relationships between different parties.

