This is the first in a series of articles about how to manage risk in a Microsoft Dynamics environment.
In today's world, it's not hard to find a headline related to data breaches, embezzlement, or corporate fraud. Whether it's stolen credit cards at Target and Neiman Marcus or your data being watched by the NSA, data protection and privacy are more important than ever. Companies need to secure and monitor key systems to protect their customers, partners and employees. In many environments, Microsoft Dynamics is that key system that holds sensitive financial, sales, and payroll data.
Every company in the world faces risk. It is a factor in each strategic and financial decision your company makes. Companies that recognize and understand their risks are better positioned to guard against situations like the massive customer data breaches that have been in the news. Likewise, a company that takes a proactive approach to risk is better positioned to seize opportunities as they arise. This recognition, analysis and proactive management of risk is called enterprise risk management.
Your company may not talk explicitly about risk management, but risk plays a part in every decision that is made. If you have ever built a list of pros and cons, you are engaging in risk management. When companies take a more formal approach to risk they can react faster and make more informed decisions. Do we have enough money to acquire that company? Can we hire additional staff? Should we move our Dynamics implementation to the cloud?
Beyond better strategic decisions, there are many other reasons why risk management is important to a company using Microsoft Dynamics. Some companies fall under regulatory compliance like Sarbanes - Oxley (SOX), FDA, HIPAA or DCAA. Each of these regulations mandates that companies have a risk management system in place for protecting things like the accuracy of financial statements, personal data privacy, credit card data security and the protection of public health. Each of these regulations comes with a periodic, mandatory audit of a company's risk management for the affected areas. Failure to pass one of these audits can lead to a drop in stock price, negative publicity, loss of ability to process transactions, fines, and even jail time. Essentially, the government is requiring companies to have and demonstrate a risk management strategy.
Many companies think they are too small for risk management or think that they escaped it because they do not fall under the aforementioned regulations. But even small companies and nonprofits benefit greatly from formalized risk management. Consider a few common but unexpected benefits:
- Banks are more willing to offer loans to small companies who have audited financials and larger companies are more willing to acquire companies that demonstrate an understanding of risk.
- A $150,000 embezzlement is a rounding error for a Fortune 500 company. An event of that size may put a small company or nonprofit out of business.
- Nonprofits can protect their nonprofit status as well as donor confidence in the organization by mitigating risks. Fraud will quickly put an end to even the best of causes.
The first step in building a successful risk management environment is building a framework. The key pieces of the framework are a risk profile and business process maps. The next article will describe the importance of starting with the framework, the general concepts behind building corporate risk profile, and the risks of not using a framework.
Read on to learn more about Building a Risk Framework for your Microsoft Dynamics Environment.