Do you know where your risks are? And why “Audit” is not a dirty word…
Companies with commodity production, merchandising and marketing, trading or hedging operations routinely operate in financial and physical commodities markets to manage commodity risk and to drive financial performance.
This is commonly achieved by using a variety of strategies that are fit-to-purpose for the individual company. However, persistent risks associated with commodity market activities are embedded throughout the commodity transaction life cycle and may result in significant economic, financial, regulatory or reputational consequences if they are not properly controlled. Internal audit functions are also increasingly focused on addressing a number of related high-profile risks.
Market price risk
Given the historic level of commodity price fluctuation, inadequate market risk management controls may lead to unacceptable market price risk.
Fraud and rogue-trader risk
The risk of fraud and rogue-trader activities is ever-present; inadequate controls across the commodity transaction life cycle may enable fraud and rogue-trader activities.
Credit and liquidity risk
The challenging economic environment in commodities markets has impacted the credit and liquidity standing of companies and their counterparties; inadequate controls may lead to unacceptable credit and liquidity risk.
Complex spreadsheet models are widely used as operational tools within the system landscapes of commodities market participants; inadequate controls may lead to the use of incorrect data when transacting in markets and monitoring the related risks.
Business transformation risk
Business transformations driven by the dynamic economic environment can create process and control gaps and introduce risk in otherwise well-controlled organizations.
Commodity trading and risk management (CTRM) system implementation risk
The implementation of a CTRM system may introduce significant risks through the inadequate implementation of system-based or system-enabled controls.
Critical and proprietary financial and operational data is maintained in CTRM systems; inadequate cybersecurity controls may lead to financial and operational risks.
|Audits that have +ve Impact||Key questions to consider|
|Business transformation risk
Objective: Assess current state and future state processes and controls
|Commodity trading and risk management (CTRM) system implementation risk
Objective: Assess the risks in the future state of business processes and the use of a CTRM package’s native functionality to support the design of future state controls
Objective: Assess the process and technology controls to protect data in the CTRM and related technology ecosystem
|Full-scope front-to-back-office review
Objective: Assess design or operational effectiveness of the processes and controls across the transaction life cycle
Nevertheless, despite all its benefits, modernisation is often met with resistance.
Considering the challenges and risks
Two major arguments are typically used when talking about a software modernisation initiative. Those are the time and costs involved.
Indeed, a solution that took a team of developers years to implement cannot be re-created in a week, even if you hire twice as many developers to handle the task.
Challenges that derive from legacy modernisation include the following:
- Personnel is usually unwilling to adjust to management changes. Motivation, training, and coaching will press them in that direction but will entail additional risk and cost.
- If there are multiple legacy systems within one corporation, their modernisation should be articulated and prioritised in a corporate program that considers the required effort and time window for each system individually. On the contrary, simultaneous modernisation may lead to a catastrophic impact that is not easily absorbed. Come up with a sound strategy & roadmap and do not, do not, do not have knee-jerk reactions that lead to re-prosecuting your strategic decisions!! Everyone needs to be on board and on the same page. Flip-flopping is a major risk so be mindful of it.
- If you are not doing a full replacement of an app, legacy code should be handled with extra care, even if some pieces of it can appear to be no longer relevant and in need of replacement. For the same reason, it is important to make sure while migrating that the underlying software will comply with the new data interchange rules and requirements dictated by client applications and support resources.
- Having to deal with countless lines of code that only address a given corporate process can be a real headache, especially if there is a skills shortage.
Besides these challenges, there are multiple risks to avoid. Here are some of the reasons for legacy modernisation effort failure:
The organisation inadvertently adopts a flawed or incomplete strategy.
The organisation makes inappropriate use of outside consultants and outside contractors.
The workforce is tied to old technologies with inadequate training programs.
The organisation does not have its legacy system under control.
There is too little elicitation and validation of requirements.
Software architecture is not a primary modernisation consideration.
There is no notion of a separate and distinct “modernisation process.”
There is inadequate planning or inadequate resolve to follow the plans.
Management lacks long-term commitment.
Management predetermines technical decisions far too prematurely.
Successful modernisation programs require a solid strategy and great attention to detail.
Today’s post has been a light touch focused on preparation for a modernisation strategy. My next post will start to point you toward some additional best practices on how to execute a well-founded strategy.
Regardless of your chosen approach and techniques, software modernisation is a complex, labour-intensive, and risky process. If done well, the results are well worth the risk.
Top analysts are predicting that digital modernisation will attain macroeconomic scale over the next three to four years, changing the way enterprises operate and reshaping the global economy.
“More than half the global economy turns digital by 2023 requiring new species of enterprise to compete and thrive.”
To live up to the demands of the new digital modernisation economy, organisations have to cease relying on outdated software and modernise their core technologies. Enterprises will benefit only when they stop seeing modernisation as a one-time project and embrace it as a continuous improvement cycle.
“Change is now the norm. Just as our clients set a course based on their understanding of the technology landscape, that landscape changes. CXOs must accept that change is constant and work out how to get on the front foot – to shape change rather than being controlled by it.”
Jason Novobranc, Chief Operating Officer, Implementary
How can we help?
Taking advantage of third-party expertise might be of great help. We at Implementary handle every aspect of legacy-system modernisation: from analysing the current solution, developing a solid business strategy, and prioritising the features to rebuilding your product from scratch, using the latest technologies and architecture solutions.
How can you connect with us?
We’d love to hear about your journey. Did reflecting on legacy system modernisation help?
About the Author
Jason Novobranec is Implementary’s Chief Operating Officer.
With over 20 years of Consulting, Program Management & Senior Leadership experience, Jason has delivered initiatives for large multi-national / multi-regional organisations as well as SME’s and is an expert in shaping solutions to fit a customer’s project needs.