I am devoting Thursday posts in coming weeks to a banking story designed to illustrate the value that an enterprise GRC solution can bring to a fictitious bank named SteadyBank. The inescapable truth is that in any bank, serious problems will crop up from time to time. The impact felt on those occasions has much to do with the extent to which there is a good process in place to help surface problems and to deal with them effectively and efficiently. Technology can play a vital role in putting a well-validated and efficient process in place, so that even when management, the Board and regulators are looking in the opposite direction, they can have confidence that any significant issues will be brought to their attention and handled in a timely manner so as to minimize any negative consequences.
A sufficiently powerful and properly utilized enterprise governance, risk and compliance (eGRC) solution can provide just the sort of process that I am speaking about. I will illustrate how this is the case by pointing out how technology can help in general terms, and I will also share an occasional screenshot from the SAS Enterprise GRC Solution to help me illustrate more specifically the functional capability that addresses the need.
This is an experiment to see whether or not telling a GRC tale in nine weekly episodes is well-received. I am going to share the titles (broadcast dates) of the upcoming episodes much as if you were previewing a season series on Netflix!
- Understand GRC through SteadyBank (September 6)
- Ned spots trouble (September 13)
- Jake adds pieces to the puzzle (September 20)
- Quest for the truth (September 27)
- Deciding what to do (October 4)
- Dealing with the crisis (October 11)
- Fixing the process (October 18)
- Keeping a watchful eye (October 25)
- Enterprise GRC payback for SteadyBank (November 1)
I look forward to your feedback as the episodes pass and the story unfolds -- please do comment as frequently as you like! Finally, this soap opera applies to all industry segments and the public sector as well. Financial services happens to be most familiar to me, but certainly is not alone in having personality conflicts and natural tensions among an organization's executive team that struggles for alignment as it deals with change, prioritizes objectives, constrains resources, repairs strained employee morale, tempers customer expectations, bends to financial pressures, reassures concerned regulators, satisfies demanding stakeholders, and so on.
Now we begin with a few introductions! First up is SteadyBank itself!
An aggressive US regional bank that has grown largely through acquisition over decades, SteadyBank is now looking to solidify its customer base and market territory and to grow organically. SteadyBank will experience some wrenching struggles as it battles to grow revenue and market share. Like its competitors, SteadyBank wants to keep shareholders happy, enhance its customer experience, improve employee morale, and strengthen regulatory relations. No doubt, a tall order in today’s challenging business climate!
In the heat of the battle, SteadyBank learns some difficult and painful lessons, e.g. conflicting goals represent very real risk, change does not always come easy for their employees or their customers, and bad situations can be made much worse – especially when management is operating under some seemingly reasonable but nonetheless false assumptions! The situations that SteadyBank encounters are broad in scope. In fact, they touch all areas of an enterprise GRC program!
Character Sketch of Ned Thomas, CRO, SteadyBank
Ned Thomas, CRO at SteadyBank, is a natural-born skeptic who doubts and discounts most of what he is told, or reads for that matter. Hence, Ned likes to question and he is very persistent. He is a “big city” guy and he works for an aggressive regional bank. Ned has run into some “royal messes” in his time and he knows that things often are not what they initially appear to be. As a result, Ned recognizes the value of collaboration and of creating a culture where issues are surfaced quickly and all relevant information is volunteered without the need of conducting pointed interrogations.
Ned gets provoked when he thinks someone is either concealing information that he seeks, or is putting their own spin on things in order to put themselves and their interests in the most favorable light. Ned’s mantra in the Risk Management Division is “Say it like it is!” For Ned, how the game is played is just as important as winning the game. Ned is on a constant lookout for reckless behavior and corporate policy violations. Ned believes that SteadyBank and all of its officers and employees can, and should, be principled achievers.
Character Sketch of Jake Jabber, COO, SteadyBank
Jake Jabber is a feisty fellow who possesses decades of line management experience in all facets of financial services. Jake has found the perfect opportunity to exercise his business skills and to leverage his experience. SteadyBank has no shortage of challenges in today’s banking environment, and we will soon see whether Jake is up for the challenge, or if he is “over the hill!” Jake has his eye on the CEO job, but for the time being, he is consumed with meeting some ambitious profit plan goals that will cause some cracks to form soon at SteadyBank Operations Company!
Jake is very impatient and his pet peeve is “idle hands.” His staff recalls the time that Jake asked a new face in a meeting to stand up, introduce himself and point out what he had accomplished recently. The unsuspecting staffer, Pete, announced his name, his manager, Paul Winkler, and then stated that he had not accomplished much because he had just gotten on board two months ago. Pete did not realize that to Jake, two months is an eternity! Jake sarcastically thanked Pete, explaining how the phrases “just got here” and “two months on the job” were contradictory! Jake later had a few more words to say to Paul Winkler about the speed at which Paul was getting new hires producing value. For Jake, results are what count. Jake’s motto is “Winning is not everything, just the only thing that really matters!”
Character Sketch of Paul Winkler, SVP & Tech & Ops Manager, SteadyBank
Paul Winkler heads up the IT Operations Center and he reports to Jake. Paul is the consummate “go along guy” and he takes great pains to see that no one “rocks the boat.” Paul makes sure that his direct reports are aligned with his views and he does not mind using a little public humiliation as a tool when a simple “wink and nod” to go with the flow does not suffice! That usually works. Paul is particularly annoyed when his dictates or authority are questioned.
On any important initiative or change in operations, Paul gives his “train is leaving the station” analogy. He tells staff they have two options: get on the train or get left behind! Everyone in Paul’s operations center fears his wrath and they observe that messengers of bad news are always shot. This weighs heavily on their minds and permeates the work atmosphere, how secure workers feel, and their approach towards performing their tasks and meeting their goals. Seemingly paradoxically, Paul broadcasts that his culture is a proactive one. The mantra in SteadyBank Operations Company is “If you see something wrong and do nothing about it, then you become part of the problem!”
In the next post, we will check in with Ned bright and early on a typical Monday morning that turns out to be far less typical than Ned would have liked!
Note: If you are interested in this series, you will also find value in another GRC tale that illustrates the value of a GRC solution relative to preventing and dealing with a breach in security leading to the theft of customer information. (To access it, simply click on the embedded link in the previous sentence!) Be sure you read the whole SteadyBank saga, so you can learn the GRC lessons of SteadyBank.
Drawings © 2012 Brad Abrahams