In ABC News, we find a strong correlation between financial services and healthcare when we take a risk management perspective. Stephanie Chalmers of ABC news writes ANZ bank New Zealand have been identified with risk and assurance failures in its ability to assess and manage its own capital requirements. Removal of the banks accreditation now forces the bank to hold an extra $NZ277 million in capital.
An Incident has resulted in an impact to business objectives which effective enterprise risk management should have monitored and managed.
What exactly went wrong for a bank to lose an ‘accredited’ status and why did ANZ's directors attest to compliance despite the approved model not being used since 2014?
While highly unlikely, one perspective is ANZ’s directors simply didn’t care as the reward outweighed the risk resulting in lip service to the reserve bank of New Zealand.
The other and more feasible is assurance provided up the tree was too far removed and distilled that reviews from frontline assurance, secondline governance and internal audit were not sufficient to highlight the impending risk to the banks business objectives.
Geoff Bascand RBNZ deputy governor is quoted;
"The fact that this issue was not identified for so long highlights a persistent weakness with ANZ's assurance process"
As risk is industry agnostic the bridge to healthcare can be made, persistent weakness in assurance processes will eventuate into an incident impacting healthcare objectives. Potentially placing the healthcare organization at risk of losing accreditation.
Similarly, to financial services, when indirect oversight is employed such as spreadsheets, documents and presentation packs,distilled through management committee layers, the de-centralised approach to enterprise risk management collapses under its own weight.
QC-Technology strives to address enterprise risk management and assurance breakdowns by simplifying risk, ensuring clear accountability of owned risk and controls with demonstratable traceability of testing. Businesses of any industry are supported with digitized integrated 3 lines of defence. Risk, Issues and Incident insight is provided on-demand to decision makers and responsible parties ensuring breaches in controls are understood and promptly actioned.
QC-Technology making risk relevant.