Interview with Bertrand Kornfeld, Program Director, Bull Management
GRC, business as usual
Identifying stakeholders and texts regulating one’s business, and crafting a consistent and overarching response is a must for most leaders. Risk management is both an obligation to comply with applicable regulatory texts and a savvy decision in a world where business parameters change more and more quickly. Beyond sound management and crisis prevention, a well-rounded GRC program yields control over litigation against company officers or those to whom they delegate part of their responsibility. Bull offers a range of services to site managers because most responsibilities are put in their hands by regulation.
GRC services offered by Bull
The range of GRC services offered by Bull is standardized into fixed price packages. The ability to build tools to deliver services increases our productivity in delivery. Tools make it possible to achieve attractive pricing, modular delivery and iterative approaches such as the regulatory compliance planning service for Integrated Management of Regulatory Compliance (IMRC) shown below:
For each of these service offerings, stakeholders, prerequisites, deliverables and extensions, as well as the regulatory scope are clearly set out from day one. Legacy applications and compliance data are held by those who know and understand them, in a process facilitated by Bull’s consultants.
Industrial sites and higher education/research institutions in chemistry/physics/biotech/materials science
IMRC is the service offering proposed by Bull, to catalyze a GRC program in French organizations where the environment is typically as follows:
As a result, management becomes inherent in:
- Data: data resides in ERP and best-of-breed applications
- People: available knowledge and skills are capitalized upon
- Program/projects: comply with all requirements (IT and non-IT) of selected regulations in a single, unified business program.
Industrial and commercial sites with significant international freight traffic
International Freight Traffic Management (IFTM) is designed for organizations based in France and involved in physical import and export flows that are critical to their business success.
IFTM uses a similar structure to IMCR, but with regulatory texts that deal with the content of TARIC and the transportation of dangerous goods, as well as CITES and goods subject to excise tax. The information systems that result from IFTM automate information exchange with external stakeholders (carriers, customs e-services and customs brokers, as well as Eurostat for trade statistics). They also automate the appropriate internal business processes for export, supply chain, transport and logistics departments using business objects and functions (classification of goods in combined nomenclature, communication with the EDI platform, posting of custom duties and taxes in accounting, technical data for exported goods and imported content, product labeling and Material Safety Data Sheets (MSDS), rules for selecting the process to release goods, risk assessment framework…).
Organizations using applications in Corporate service mode
The application software typically used to offer IMRC (SAP EHS) and IFTM (SAP GTS) functionality is used with SAP Risk Management. They can be used as a ‘Corporate service’ to minimize cost and achieve superior performance by centralizing provision (for instance maintenance of substance data in SAP EHS), with local implementations ensuring that people fully own the solutions and providing appropriate, long-lasting functional coverage.
To ensure that an application used in Corporate service mode remains relevant to the business, Bull offers an Improve Corporate Service Value (ICSV) service. This offering is designed for multi-site organizations using SAP EHS or SAP GTS at multiple locations, with core business processes and/or data.
ICSV consists of four inter-related services (DIVP, DPSS, MUSF, and OMOC), which deliver continuous improvement of the Corporate service as depicted below:
ICSV services neither include nor replace, but build on existing strengths in the organization. Those most often used as pillars for ICSV include:
- IT project portfolio management
- Regulatory intelligence
- SAP technology intelligence
- SAP center(s) of expertise
- Program management support at Group, divisional or business unit level
- SAP Admin Task Force.
To sum up
This description of Bull’s GRC service offerings sets out the contexts in which it may be used and key aspects of this service. Bull consultants are determined to use their dual expertise (functional and technical) to contribute to successful GRC programs and to limit sub-optimal use of skills, application software, platforms, financial resources and opportunities for progress.
Read also
Boss your BOS!
… or how to improve regulatory compliance whilst integrating risk management >>
