In every dimension of the financial industry, the regulatory environment is becoming increasingly demanding, dynamic and complex. Global banking and brokerages must not only continue to meet their amalgam of current compliance requirements, they are also obliged to perpetually prepare for an unceasing expanse of nascent regulations and potential new risks.

As increased levels of diligence in governance decision-making and policy implementation are built on top of current enterprise compliance foundations, the discipline of governance gap analysis has gained irreversible visibility and importance. When executed properly, effective governance gap analysis will create real-world value. It will render existing policies more efficient and effective at addressing risks and responding to crisis; perils to business reputation and continuity, from threats inside and outside corporate boundaries, will be measurably reduced.

Governance gap analysis focuses on current corporate governance policies and processes (as well as the technology that supports them) and compares the existing governance modus operandi to industry best practices for companies that are similar in organizational structure, assets, liabilities and business objectives. This gap analysis practice will give an enterprise a clear understanding of as-is realities from which weaknesses and strengths in the governance framework can be assessed. Ultimately, stakeholders can be provided with a platform for effectuating a robust action plan of rectification and improvement.

Gaps are best identified by developing in-depth governance use cases that document and address a gamut of various but relevant possible business scenarios — from operational risks (such as exposure to fraudulent or money laundering transactions) to political risks (for example, underreporting a firm's market activity to regulatory agencies) to litigation risks and beyond. Each use case should enumerate the probability of each projected scenario as well as the possible (or expected) counteractions taken by organizational resources in response, copiously documenting the hypothetical outcomes - both good and bad.

As an outgrowth of the use-case exercise, precise exception/incident management and contingency plans can be formulated and fabricated into the greater body of corporate governance policies and procedures. Enterprise risks or emergencies that may not be handled in a competent and scrupulous way by current operational models can now be righted from both a holistic enterprise and business unit/departmental perspective. Change management roadblocks associated with gap remediation can often be reduced or removed by compellingly communicating the findings of the governance gap analysis to senior management.

A successful governance gap analysis methodology will incorporate best practices similar to the following:

  • Develop ROI justification for gap analysis projects by delivering threat profiles in the early stages of such ventures. Threat profiles examine and quantify key enterprise-wide business assets and their associated vulnerabilities to a host of potential hazards. Senior management must be continually educated on risk exposures across all classes of corporate assets and property.
  • When closing the gaps in an organization's corporate governance practices, take great care to maintain acceptable service levels and standards of business continuity. Any improvement or remediation plan should assess the business impact of all proposed corrective measures, no matter how small their expected footprint.
  • Establish an infrastructure that will allow for the physical benchmarking and measurement of improvements and optimizations in corporate governance. An intelligent information flow structure should quickly (and inexpensively) communicate this information to company directors, boards and steering committees.

While many CIOs understand how to make IT support enterprise corporate governance, the key to success will always be getting people to take collective ownership of the governance agenda, ensuring that everyone is fully aware of the consequences for noncompliance. All firm employees, vendors and consultants must have a solid sense of their roles and responsibilities, reinforced by regular feedback and awareness-building mechanisms. Forward-looking organizations should formally evaluate the board's performance and commitment to the corporate governance policies on a regular basis and incorporate such evaluations into gap analysis practices.
Financial institutions that are true to best practices in compliance and governance do more than satisfy regulators and shareholders - they gain handsome business advantages. In the wake of numerous recent high-profile corporate scandals and increasingly punitive fines and penalties assessed by regulatory agencies and local governments, high-level directors - those who hold the most accountability for their company's actions - should be responsive to the benefits that diligent governance gap analysis provides to the regular fine-tuning of company governance programs. 

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access