Ask the Pro: A Focus on Risk Management Services in a Service Delivery Transformation
John Conrad, Deloitte & Touche LLP
Attention to risk management is important, but won’t risks be handled by the Project Management Office (PMO) during a service delivery transformation?
While tactical project issues and risks may be addressed by a service delivery transformation PMO, traditional PMOs are not focused on addressing the full spectrum of risks that may derail a service delivery transformation. Service delivery transformation risk dimensions include:
This dimension examines the risks associated with transitioning a particular function to shared services. It takes into account the risk appetite of the organization considering the full portfolio of programs in-flight and planned for the near future that, in aggregate, increases the risks of the transformation for the organization.
Once an organization has decided to move a function into a shared services model, this dimension encompasses identifying, tracking and reporting the risks to the transformation initiative.
This dimension involves identifying the risks to the current operating model posed by the transformation, including impacts upon people, process and technology.
As a result of the transformation, the company will look fundamentally different. This dimension involves identifying the people, process, compliance and technology risks associated with the future state.
The risk management workstream should include process modeling of how the future state will look. Once the risk management function has a firm understanding of the future state, it can then think about the risks associated with it across multiple dimensions. Examples include:
- Financial statement risk/technology risk: How will the organization’s systems and interfaces change, and what are the implications to system security?
- Operational risk: How will the organization assure that processes are well-integrated and service levels maintained?
- Resource risk: How will the organization train, manage and incentivize its people to promote performance and retention?
- Regulatory/compliance risk: Is the organization prepared to meet compliance requirements and maintain a cost-effective compliance program?
- Value risk: How will the service delivery organization be governed to meet cost-reduction targets now and in the future?
This communication contains general information only, and none of Deloitte Touche Tohmatsu Limited, its member firms, or their related entities (collectively, the “Deloitte Network”) is, by means of this publication, rendering professional advice or services. Before making any decision or taking any action that may affect your finances or your business, you should consult a qualified professional adviser. No entity in the Deloitte Network shall be responsible for any loss whatsoever sustained by any person who relies on this communication.
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms.
Deloitte provides audit, tax, consulting, and financial advisory services to public and private clients spanning multiple industries. With a globally connected network of member firms in more than 150 countries, Deloitte brings world-class capabilities and high-quality service to clients, delivering the insights they need to address their most complex business challenges. Deloitte has in the region of 200,000 professionals, all committed to becoming the standard of excellence.
© 2014. For information, contact Deloitte Touche Tohmatsu Limited.