When I reach the bustling crowd of internal auditors and controllers, I can’t help but get excited. It looks as if every industry is represented at this event. The world seems to be going on a date in Paris. Quickly, I meet some French and Belgian clients, but through the course of the day I will also have the pleasure to meet wonderful people from South Korea, England, Italy, Germany, Congo and Morocco.
The presentations, the question and answer sessions, and the meetings are split over two days and they include prestigious speakers and enthusiastic practitioners. I come away with the notion that governance, risk and compliance roles are converging and that organizations are taking control of their business thanks to the three lines of defence, and to numerous tools like analytics, segregation of duties, DRP, etc. An EY presentation reminds me that there is still some work to be done from an organizational perspective to coordinate all these practices. If you’re still skeptical, an interview with an operational manager who frequently engages with stakeholders should convince you.
At the same time, the Chief Internal Audit Officer seems to be more and more frequently responsible for contributing to the transformation of the company. Also, the notion of performance is integrated into their speeches more than I’ve seen in previous years. For example, Dr Markus Wissmann, Group Director Internal Audit to METRO, presents the topic, "Auditing the Company to Adapt to New Business Models". Another director of internal audit, at OECD, exposes the IIA maturity model called the Internal Audit Capability Model, which, at its highest level, proposes: 5. Optimizing - Key Agent of Change.
Governance, risk and compliance practices can provide even more value when we factor in the time dimension and the controlled deployment of the strategy. A static analysis of a company that is already supported using modeling practices has to become a dynamic analysis. This trend is particularly exciting to me because it’s what MEGA has been pursuing since the beginning and it’s what led to the development of our integrated solution:
An enterprise architecture repository becomes the single source of truth for those contributing to the transformation of the business. This repository is shared by all and allows easy cooperation between departments. It is the single point of reference which allows all interested parties to expose possible risks and offer recommendations for optimization.
The next practices in this domain will certainly lead me to meet more Directors at the IFACI, who are contributing directly to the Business Management System update and its empowerment or to a transformation plan.
I will conclude this blog post with two ideas:
The first one is represented perfectly by the picture of the gala dinner on a grand boat on the Seine. It is Farid Aractingi, President of the IFACI & Vice President of the ECIIA, greeting the captain. Without any doubt, with IFACI's managing director Philippe Mocquard, they knew how to ensure the success of this event. The City of Lights is a magnificent place for our professional meetings (ECIIA, CSDM, etc.) … that inspires us!
My second point is a set of funny quotes from Émile de Girardin (Napoleon of the press) which I like using to appreciate the practices of GRC: "To govern, is to plan." or "There is nothing to win by compromising with error or injustice." I invite you to look for more of these poking quotations.