Connect with us

Technology

Keeping IT GRC simple by getting IT SaaSed!

Published

on

Richard-Hibbert

Richard-HibbertOrganisations big and small need a collaborative approach to compliance, with affordable entry points and a more agile alternative to managing risk says Richard Hibbert, CEO of SureCloud

21st century organisations are exposed to increasing levels of cyber threat as corporate boundaries are extended through the increased adoption of ecommerce platforms, the outsourcing of business processes to cloud-based providers, and employees’ use of personal devices and social networks in the workplace. As a result, the number of organisations reporting a security breach is growing all the time. In response a plethora of information security standards designed to mitigate risks have been introduced. These standards originate from multiple sources – internal governance teams, trading partners and regulatory bodies – as each takes steps to protect their interests. Even though these standards proffer similar practices and procedures, there is no common or unified approach frequently leaving organisations burdened with multiple, overlapping compliance standards. Furthermore, compliance involves many stakeholders: trading partners, regulatory bodies, external auditors, as well as an organisation’s own people such as the compliance, IT and executive teams. As such compliance cannot be viewed as a single internal process; it can be extremely complex, crossing businesses functions, and transcending corporate boundaries and processes, and needs to consider the different interests and objectives of each stakeholder.

A market with more challenges than answers

Even when it comes to an area driven by regulatory requirements – as Governance, Risk and Compliance (GRC) is – IT spend is kept under careful scrutiny. This creates a recurring problem for most of today’s leading enterprise IT GRC solutions. They are comprehensive in nature and require organisations to adapt internal processes to meet proscriptive software that demands best practice at every level. Their all-or-nothing quality makes it difficult to pilot solutions. Valuable resources are tied up managing multiple point solutions and projects inevitably suffer from lengthy implementation timeframes. And there is a direct correlation between implementation time and the potential for project failure. Another reason for failure is that the software licences are too complicated for what organisations need.

In the absence of automated GRC applications the only real alternative left to IT and compliance teams is to rely on the next best tools for the job – spreadsheets. Spreadsheets are regularly used for such risk assessment activities as asset registers, compliance audits, project planning, risk treatment, records management, 3rd party assurance, user awareness questionnaires, incident responses, gap analysis and management reporting. It is not uncommon to find 100’s if not 1000’s of spreadsheets in circulation between multiple internal and external stakeholders from internal auditors, HR and IT to external auditors, trading partners and suppliers. Process and workflow management, however, tends to be manual rather than automated leading to a scatter-gun approach that is inefficient, labour intensive and complicated. An over-dependence on spreadsheets makes the compliance process extremely time consuming, inefficient and prone to human error. Such inefficiencies have hidden costs and run the risk of delivering results that are not fit for purpose.

Simplifying compliance the SaaS way

SureCloud advocates a collaborative approach to compliance using a Software-as-a-Service model. This approach has key advantages. First, it is much simpler. Immediate compliance goals can be met with a short-term project for just a few thousand pounds rather than having to commit hundreds of thousands to doing everything over a much longer period. Second, starting small and evolving processes to suit specific solutions or use cases over time results in greater agility and considerably reduces the risk of IT GRC project failures. By adhering to four central pillars – agility, accountability, connectivity and scalability – it is possible to automate any IT GRC process. At the heart of the solution are a set of standard template forms – designed in collaboration with hundreds of partners – for all of the key standards that give users the ability to define any input according to fields, lists, formulae or any other type of system object. Single tasks can be built up easily into projects. A central library (with links to SharePoint) stores all documentation and connects to the compliance process. Customer data can either reside within SureCloud or stay on-premise and merely link to the solution. There is a powerful records management facility with granular permissions. Evidence and records can only be approved or removed with the appropriate authorisation allowing organisations to demonstrate their compliance with requisite rules and regulations. Additionally in-built workflows, reports and dashboards help users deliver management and operational information (or they can develop their own if they choose to). Internal and external groups are given access control and the status of their individual input is reflect on the dashboard giving the customer actionable intelligence about they meet compliance, where they do not and where suppliers are posing a risk.

Collaborative compliance in action

SureCloud is able to point to hundreds of financial, retail and central & local government organisations who are benefiting from its approach. One leading UK debt collection agency is typical. Their clients, comprising leading financial institutions, expect a demonstrable a level of compliance with standards such as the Payment Card Industry Data Security Standard (PCI DSS), the Data Protection Act and ISO27001. The collaborative compliance approach has allowed this customer to consolidate multiple solutions into one platform and gain a clear picture of security status and demonstrable compliance with PCI-DSS. Plus

  • Reduced TCO with multiple point solutions in a single platform
  • Clear user interface – easy access to information
  • High quality penetration testing services
  • Highly responsive customer support – product and security related.

Conclusion

Information security compliance is designed to help, not hinder. It recognises the significant value of corporate information assets and the need to safeguard them, both for competitive advantage and to protect personal privacy. With a simpler, streamlined approach that enables collaborative working, every touch point in your information value chain can contribute to your information security programmes, ensuring that compliance is achieved, and maintained, in a cost effective manner. Collaborative compliance embraces multiple internal teams and systems, as well as external stakeholders, to bring together the fragmented compliance landscape and streamline IT GRC processes. With SaaS underpinning the delivery and commercial model, collaborative compliance is the way ahead for organisation seeking visibility and control of their information security programmes, at a price point that encourages trial and de-risks enterprise rollouts.
Most organisations today are seriously under-estimating how easy achieving demonstrable compliance can be.

SureCloud is exhibiting at Infosecurity Europe 2012, the No. 1 industry event in Europe held on 24th – 26th April 2012 at the prestigious venue of Earl’s Court, London. The event provides an unrivalled free education programme, exhibitors showcasing new and emerging technologies and offering practical and professional expertise. For further information please visit www.infosec.co.uk

 

 

Technology

Bots Are People Too: Robotic Process Automation in Finance

Published

on

Bots Are People Too: Robotic Process Automation in Finance 1

By Tom Venables, Practice Director – Application & Cyber Security at Turnkey Consulting

As technology has advanced, Robotic Process Automation (RPA) has become a valuable tool for finance teams in streamlining everyday processes and operations. Until 2020, RPA worked in combination with skilled human resource to get these vital tasks done – and then came COVID-19.

The economic shock of the pandemic has led many organisations to pare back their workforces, and consequently they are increasingly turning to RPA in order to get the same jobs done for a smaller financial outlay. This acceleration in adoption can deliver huge benefits for these organisations, but comes with a number of tricky challenges to navigate, especially around security, risk and the management of system access.

Removing the margin for error

The premise of using RPA over human finance operatives is clear: robots don’t get tired or bored. Even the most skilled and experienced employee in the world will be fatigued by dealing with a seemingly endless stream of invoice amounts, PO numbers and other data and, over time, it’s easy for mistakes to creep in.

RPA bots don’t have this problem (and neither do they have to be regularly fuelled with coffee). They have the ability to read an invoice, attribute the information within it to the appropriate PO number, and set in motion all the payment and ledger activity related to that data.  Not only do they do all that more reliably than humans, but they do so much faster and more cheaply.  However, this ideal vision can only be achieved if RPA is built and implemented into a business correctly.

Different cure, same treatment

RPA bots do have incredible capabilities for automating and streamlining all these processes – but they first have to be told exactly what to do and how to do it. At a minimum, the controls that apply to human finance staff also need to be deployed to bots, with a view to these controls being even more robust, given the larger workloads bots can take on. It may also be necessary to amend controls so that they reflect the new ways of working; as the business processes change, so too do the key control points which must be captured.

This requires three key elements to be considered:

  • Control execution points: taking an accounts payable (AP) process as an example, an AP clerk will approve processes manually, then pass onto the AP manager so that it has been checked by at least two people. RPA removes this function and reduces the level of human intervention to spot-checks; to avoid errors such as duplicate payments, it is essential to have automated controls working properly.
  • Failure indicators: depending on how they are configured, bots can (occasionally) make mistakes, such as misjudging numbers of a similar format and putting a PO number in as an amount. Bots can resolve these issues themselves, but only if they know about the types of errors they should be looking for.
  • Robust testing: both of the points above mean rigourous testing is critical; how meticulous that testing needs to be depends on the amount of work RPA is taking on. If, for example, RPA is handling half the cash outgoings at an organisation, then controls need to be sufficiently strong to match the risk posed to the business if things go wrong.

Safety still comes first

Along with controls, how RPA fits in with the organisation’s security provisions must also be considered. Bots can process a large number of invoices in a very short period of time. This speed is potentially enough to trigger warnings around security breaches as System Information and Event Management (SIEM) systems may perceive it as abnormal activity and flag it as a threat to the organisation; allowances need to be made to accommodate this major change in ‘usual’ activity.

It’s also worth remembering that bots are also pieces of software and, like any piece of software, they are therefore at risk of cyber attack. Because they are required to process lots of sensitive information at high speed without triggering alerts, they are often an attractive target for cyber-criminals. As well as considering bot security such as who can access their configuration, it is crucial to keep the authorisation assigned to bots to an absolute minimum in order to limit their risk profile and eliminate credentials often given to them that are unnecessary.  Minimum authorisation states that the (bot or human) user should have only the level of access needed to perform the tasks required of them.  The high volumes of processing undertaken by bot accounts reinforces the need to apply this principle, despite the temptation to ensure they can work with multiple scenarios without interuption by widening authorisation (which increases the risk they can undertake activity they shouldn’t).

In summary

Overall, RPA bots can and should be immensely powerful assets to most organisations in the unpredictable months and years ahead – but only with the right implementation. With risk, security and controls kept front of mind, the efficiency of finance operations can be improved, resulting in meaningful savings, and a reduction in the pressure put on the human finance staff.

Continue Reading

Technology

How to drive effective AI adoption in investment management firms

Published

on

How to drive effective AI adoption in investment management firms 2

By Chandini Jain, CEO of Auquan

Artificial intelligence (AI) has the potential to augment the work of investment management firms to unprecedented levels, powering decision-making, driving efficiencies, and ultimately improving performance. In fact, the market for AI in asset management is expected to grow to an astounding US$13.43 billion by 2027, expanding at a CAGR of 37.1% between 2020 and 2027. Innovative firms are applying AI across the industry value chain and transforming the ways in which they use the ever-expanding amounts of data that are available to them.

However, that’s not to say that there aren’t challenges and obstacles involved in leveraging the technology. AI adoption is not a ‘magic bullet’ that can solve inefficiencies without the right set-up, nor should it be treated as a simple ‘add-on’ that portfolio managers (PMs) can tap into when they see fit. AI implementation in an investment management firm requires a number of prerequisites in order to have maximum impact. But first, let’s take a look at exactly how AI can boost the performance of investment management firms.

How AI adds value

Implementing data analytics into the investment management value chain holds a number of benefits. For example, when it comes to front office operations, AI can supplement investment decisions by drawing insights from alternative sources of data such as satellite imagery or social media, while also automating the analysis of large datasets. Data science teams working within investment management can build simulations to allow PMs to predict the performance of new investment ideas. They can also use AI for trading – to optimize trade execution and automate trading decisions.

One example of using AI to power alpha generation comes from Man Group, which saw a five times increase in assets between 2014 and 2018, and whose funds that incorporate AI total more than US$12 billion. Front office operations are arguably the business area where AI holds the most potential.

When it comes to distribution and marketing, AI can improve prospect and sales targeting using segmentation, predict and reduce attrition, support personalization, and help develop pricing algorithms. Data analytics can also be implemented into the areas of operations, tech, and support to automate processes, improve talent targeting, predict team member performance, and strengthen compliance, amongst other uses.

Going beyond simply reducing costs and driving efficiencies, AI is providing new opportunities for investment management firms to transform how they use data to operate and inform decisions. But despite all of this, adoption levels are still relatively low: A 2019 survey by the CFA Institute found that only 10% of PMs responding had used machine learning (ML) techniques during the year prior. Furthermore, a 2019 report by BCG found that less than 30% of asset management firms are actively leveraging data analytics. Evidently, launching an AI project is not an overnight process – nor is it one that guarantees success without the right prerequisites in place.

Here’s how investment management firms can set themselves up for success and ensure readiness for AI implementation.

Embed a data culture 

Before steaming ahead with any AI project, investment management firms need to ensure that the entire organization appreciates the value of data-driven decision making. A firm may have already hired a data science team or gained access to alternative data sets, but if it doesn’t have a culture of systematic decision making that permeates across the organization, the success of any AI project will be limited.

How can firms ensure that this is the case?

Ultimately, building data-driven must start at the top: the CEO, CIO, and all other executives must lead by example and evidence of their own commitment to data-based decisions. If leaders want their teams to leverage data at all points of decision-making, they must make the data accessible for non-technical employees and provide training on how to use any relevant tools. Teams must feel comfortable with the why of data analytics solutions, so management must make them explainable while ensuring they are aware of the capabilities and limitations of AI. And finally, the data science team must avoid working in a silo, away from the other business functions of the firm.

Reconfigure the team structure

The core investment process must be re-thought, from the ground up. Data science teams must be driven by a business need which is provided by the PM, and then the two must work together to co-develop the right solution.

In addition to having a centralized data science team, the firm should have decentralized data scientists that sit within the business unit. The central team should focus primarily on data acquisition, cleaning, and ensuring reliability. The rest of the work should be done by data scientists on the PMs team – this will ensure the work is in-line with the business needs and will actually be used by the PM. With the clean, reliable data coming from the data acquisition team, the data scientists can rapidly prototype ideas for the PM.

Invest in the right software

Too many investment management firms attempt to build all of their AI software in-house. While the software that’s required for core operations and stems from core finance expertise should be developed internally, this does not apply to all other solutions being used.

For example, data analysis and automation tools that leverage ML domains such as language processing, big data processing, or image processing should not be built in-house. Constructing these systems internally is expensive, time-consuming, and means hiring for skills that would otherwise not be required within the firm. Not to mention, such systems would need a large and active development force to continuously maintain them.

That’s why it’s advisable for firms to find a third-party vendor who can take care of building the feature set that’s required, update the software with its latest version, and scale according to needs. This vendor will also take measures to ensure that the firm’s standards are consistent with its peers, and importantly, keep the system stable and secure. By integrating with a third party vendor, data science teams can focus on the core business objectives and maximize the use of overall resources.

While AI offers countless opportunities for investment management firms to augment and power decision-making and is already setting apart the top-performing firms from those that lag behind in adoption. With so much potential to enhance portfolio performance, AI adoption should be viewed as non-negotiable for forward-looking and innovative firms. It is paramount, however, that these firms embed a data-driven approach across all teams – not just PMs – and provide the structures and tools necessary for results to flourish.

Continue Reading

Technology

Democratising today’s business software with integrated cloud suites

Published

on

Democratising today’s business software with integrated cloud suites 3

By Gibu Mathew, VP & GM, APAC, Zoho Corporation

Advances in the cloud have changed the way we interact with the world. From how we pay our bills to how we communicate, to how we navigate the city streets, the cloud’s arrival has proven disruptive to the old ways of doing things.

This is perhaps no more true than in the realm of business software, an industry that has seen seismic shifts in the last two decades, and is now witnessing rapid adoption due to the global crisis in the last six months. Expensive, exceedingly complicated software that once was the purview of the few is now available to the masses, courtesy of the cloud and attendant improvements in technology. These strides have resulted in the democratisation of business software, the changing of an once-scarce resource into something everyone can access and use.

The shift to a more democratic, user-friendly, and affordable breed of business software has come about for a lot of reasons. Here are a few of the biggest ones:

THE CONSUMERISATION OF IT

As software has become more and more important to our day-to-day lives, it has also become friendlier for the end user. Actions that used to require reams of code and loads of technical know-how can now be completed with just a drag and a drop. Business software has followed suit, and increasingly looks, feels, and acts like consumer software. And with intuitive interfaces and familiar features, no specialised skills or training are required to get things up and keep them running.

MAINTAINING PRODUCTIVITY ON-THE-GO

The smartphone has put powerful computing technology in the palm of your hand and lets your business go everywhere you do. Sophisticated yet easy-to-use software is available ubiquitously, meaning that employees are no longer chained to desktop systems. In fact, driving and maintaining information across while you are on-the-go becomes a more seamless process. Software vendors whom are more customer centric, are providing mobile version as another mean of access on top of their services that runs on browser. Through real-time function, employees remain connected, and ground observation made during field work are readily updated through the cloud.

 THE TECHNOLOGY BUFFET

Part and parcel of the democratsation of software is the rise in consumer choice. Every day, new solutions are added to app galleries and marketplaces around the web, giving people multiple ways to tackle any business process. These app stores also give businesses the opportunity to see what other companies are doing to tackle similar problems.

There used to be a handful of software vendors that a business could choose from; now there are hundreds. Because there are so many options, customers can choose how they want to manage their processes without having to learn new skills.

Gibu Mathew

Gibu Mathew

 THE GREAT EQUALISER

Business software used to require a massive capital expenditure. As a consequence, only large companies with deep pockets could afford the features and capabilities software systems provided. However, the rise of the cloud and mobile technology have put an end to the need for installed, on-premise systems, and the costs (and time) associated with them. You no longer need a room full of servers or high capEx to run your business; a smartphone will do just fine. The result? Small businesses finally have access to the tools the “big boys” have had for years, and can now provide the same world-class experience to their customers.

SOFTWARE THAT YOU CAN PROVISION

As software has gotten easier to use, more people are using software. Decisions about what systems a business would run was left to people with diplomas in computer engineering. But no more. Today’s business software is more user-friendly than ever, meaning that even non-specialists can be as empowered as the pros to make decisions about the systems they’ll employ.

What’s more, advances in data virtualisation enables people to access the information they need without requiring special tools or knowledge. Data can now be retrieved and analysed by non technical individuals without having to know its structure, location, or format; this means a lot more people can have access to the details they need, without needing a bunch of training to get there. You can finally get rid of the IT gatekeepers and take charge of your business.

We believe that software is making the world better, but you still need the right suite. You need software that is easy enough for a tech novice to use, powerful enough for the expert, and priced reasonably enough so as not to impact anyone’s bottomline. Find a business solutions suite that’s “all-in” on cloud computing, includes a large selection of apps that are designed to handle every business process and run on every device. On top of that, it has to be affordable and, in the current times,  prioritise data privacy and security. Most importantly, be confident that the provider you choose has business goals aligned to yours and are happy and willing to help you every step of the way.

Continue Reading
Editorial & Advertiser disclosureOur website provides you with information, news, press releases, Opinion and advertorials on various financial products and services. This is not to be considered as financial advice and should be considered only for information purposes. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third party websites, affiliate sales networks, and may link to our advertising partners websites. Though we are tied up with various advertising and affiliate networks, this does not affect our analysis or opinion. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you, or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish sponsored articles or links, you may consider all articles or links hosted on our site as a partner endorsed link.

Call For Entries

Global Banking and Finance Review Awards Nominations 2020
2020 Global Banking & Finance Awards now open. Click Here

Latest Articles

Data Unions, fisherfolk and DeFi 4 Data Unions, fisherfolk and DeFi 5
Finance3 hours ago

Data Unions, fisherfolk and DeFi

By Ruby Short, Streamr In the fintech world it seems every month there’s a new trend or terminology to get...

Deloitte: Middle East organizations need to rethink their workforce in the wake of COVID-19 6 Deloitte: Middle East organizations need to rethink their workforce in the wake of COVID-19 7
Top Stories3 hours ago

Deloitte: Middle East organizations need to rethink their workforce in the wake of COVID-19

Organizations in the Middle East have had to take immediate actions in reaction to the COVID-19 pandemic, such as shifting...

One in five insurance customers saw an improvement in customer service over lockdown, research shows 8 One in five insurance customers saw an improvement in customer service over lockdown, research shows 9
Top Stories3 hours ago

One in five insurance customers saw an improvement in customer service over lockdown, research shows

SAS research reveals that insurers improved their customer experience during lockdown One in five insurance customers noted an improvement in...

ECOMMPAY expands Open Banking payments solution to Europe 10 ECOMMPAY expands Open Banking payments solution to Europe 11
Finance3 hours ago

ECOMMPAY expands Open Banking payments solution to Europe

Open Banking by ECOMMPAY facilitates fast, secure and simple payments  International payment service provider and direct bank card acquirer, ECOMMPAY, has...

Bots Are People Too: Robotic Process Automation in Finance 12 Bots Are People Too: Robotic Process Automation in Finance 13
Technology3 hours ago

Bots Are People Too: Robotic Process Automation in Finance

By Tom Venables, Practice Director – Application & Cyber Security at Turnkey Consulting As technology has advanced, Robotic Process Automation...

The power of superstar firms amid the pandemic: should regulators intervene? 14 The power of superstar firms amid the pandemic: should regulators intervene? 15
Top Stories4 hours ago

The power of superstar firms amid the pandemic: should regulators intervene?

By Professor Anton Korinek, Darden School of Business and Research Associate at the Oxford Future of Humanity Institute. Gosia Glinska, associate...

How to drive effective AI adoption in investment management firms 16 How to drive effective AI adoption in investment management firms 17
Technology4 hours ago

How to drive effective AI adoption in investment management firms

By Chandini Jain, CEO of Auquan Artificial intelligence (AI) has the potential to augment the work of investment management firms...

Democratising today’s business software with integrated cloud suites 18 Democratising today’s business software with integrated cloud suites 19
Technology4 hours ago

Democratising today’s business software with integrated cloud suites

By Gibu Mathew, VP & GM, APAC, Zoho Corporation Advances in the cloud have changed the way we interact with...

Why the UK is standing tall at the forefront of fintech 20 Why the UK is standing tall at the forefront of fintech 21
Top Stories4 hours ago

Why the UK is standing tall at the forefront of fintech

By Michael Magrath, Director of Global Standards and Regulations, OneSpan In recent years, the UK has established itself as one...

How CFO’s can Help Their Businesses Successfully Navigate The Financial Fallout From COVID-19 22 How CFO’s can Help Their Businesses Successfully Navigate The Financial Fallout From COVID-19 23
Top Stories1 day ago

How CFO’s can Help Their Businesses Successfully Navigate The Financial Fallout From COVID-19

By Mohamed Chaudry, Group CFO of FoodHub 2020 has been one of the toughest years in recent memory for business....

Newsletters with Secrets & Analysis. Subscribe Now