Compliance in Shared Services
Shared services compliance arrangements seek to achieve economies of scale by having one provider meet the needs of several organisational units. Centralised provision of compliance systems to geographically spread businesses, instead of each having its own compliance function, is a common example. The principle can also apply to entire business processes, such as payroll, procurement, facilities management, vehicle maintenance and other services.
Straightforward risk management, informed by an understanding of the common pitfalls associated with shared services compliance in the past, can improve the chances of success in future shared services implementations.
There are generally two organisational levels involved on the stakeholder side of a shared service compliance provision:
- The business units, departments or other operations that will make use of the shared services (the internal or external stakeholders); and
- The organisation, or part of the organisation, that acquires, manages, monitors and acts as the unified ‘purchaser’ of the shared service on behalf of the business units.
In practice, a great deal of emphasis is placed on where an implementation will end and on the benefits it is hoped to deliver, but many of the most important challenges have their roots in the status quo, the starting point for the project.
Three themes capture many of these challenges:
- Diversity among the operating units.
- Motivations of their management and personnel; and
- Information about the present situation, processes, and operations.
While they will share some characteristics, operating units do not all enter compliance on the same terms. No matter how mundane the service might be, there are invariably differences between operating units.
Some of the most common include:
- The scale and complexity of each unit’s operations.
- The political influence of each unit within the larger entity.
- Procedural details of existing service operations.
- Sensitivity to service level measures such as availability and quality of service.
- The priorities governing trade-offs when time and resources are constrained.
- How strongly they are bound into existing service delivery contracts, how successful these contracts have been, and how long these contracts have yet to run.
- The technology they currently use to deliver services.
- The extent to which their activities are integrated with or rely upon processes that are not within the shared services’ scope; and,
- Staff and management skill levels and the maturity of management processes.
By their very nature, shared services compliance initiatives are almost always driven centrally but they rely on the commitment of personnel in the operating units for their success. In addition, shared services projects often have extended timescales, so changes in staff, management roles and organisational priorities are to be expected as services are implemented.
Three common challenges to the effective engagement of personnel are resistance to change of any kind, a desire to protect independence and influence, and competition between units to each gain the most from the shared services arrangements.
Change can be disturbing.
The environments with most scope to produce improvements will tend to be those that have remained unchanged for the longest time. This is a straightforward change management challenge made more complicated by its interaction with the issues surrounding information, discussed in the next section, as well as with a project’s ability to engage personnel in the transition. Operations that were last updated a long time ago are often those with the poorest documentation of their current processes and staffed by the personnel least interested in change; perversely, these may be the units in greatest need of improvement.
Local managers of existing services will reasonably see a move to shared service as a loss of influence. They might not wish to be seen to be obstructing the change, but they will often resist supporting it. Simply getting all the stakeholder representatives to attend project meetings at the same time can be a challenge and it may prove impossible to reach agreement among them on all aspects of the work.
Where agreement cannot be found or decisions are being delayed, there may be a natural central authority, such as the board of a company or the head of compliance, that can, in principle, step in and mandate a way forward. Such intervention might strengthen passive resistance to the project.
Where there is no central authority providing clear leadership, or the units enjoy some level of autonomy, as with a group of higher education institutions, overcoming local management resistance can be even more difficult.
Governance arrangements that appear sound but lack efficacy can prolong project disruptions by masking the absence of consensus and hiding the need for stronger measures to break a deadlock.
To ensure that a new shared service function provides an adequate replacement for existing operations, it is necessary to understand how those operations work. To optimise the transition to new ways of working, it is necessary to know what assets and infrastructure are available currently, what can be re-used, where parallel working may be required during transition and how the old systems can be phased out.
Many processes rely on undocumented knowledge held by those who operate them. Formally documented processes are often augmented by undocumented practices made on a pragmatic basis to deal with changes and smooth out inefficiencies. Establishing a baseline in such circumstances is very difficult, even if the people involved are all motivated to help.
Documentation of some processes and infrastructure will often be incomplete or even completely absent. Systems and even physical infrastructure may have developed over time, being extended and reconfigured without the changes being documented. For instance, compliance systems might include a mix of free software, and the older elements of the system might rely heavily on a small number of personnel who have operated it for many years.
The Business Case
The goals of a shared services compliance project usually include cost reduction, flexibility, operational scalability, and process standardisation among the major drivers. While these may be well understood, at least at a high level, some aspects may have to be worked out and negotiated prior to implementation. An important key performance indicator is generally some form of net present cost, net present value or internal rate of return measure, often purely based on costs and savings but sometimes including revenue.
What did businesses do for financial reporting prior to MYOB or ZERO? The main benefit is transparency?
Shared services business cases often face challenges in relation to:
- Governance and the integrity of decision making.
- Knowledge of existing systems and processes.
- Understanding management costs.
- Attribution of benefits.
- Non-financial objectives; and,
- Preoccupation with the end state to the exclusion of the implementation.
Knowledge of existing systems and processes
Understanding infrastructure and processes used to deliver existing services can be difficult, especially where documentation is sparse, out of date or absent.
Analysing existing systems and processes can uncover gaps that will need to be covered by the new compliance service. It is not uncommon to find irregularities in record keeping and data management that have fallen into poor practices, dependence on inputs and sources of support that have not been formally recognised to date, and other areas where a straight replacement of the existing conditions is either not possible or not desirable.
Analysis of existing systems and processes may also identify opportunities for business improvement in individual units, particularly where existing systems limitations may have restricted units from making their processes more effective or efficient. Such opportunities for business improvement should be included in the business case.
Acknowledgement of benefits
A shared services compliance project might have objectives outside the scope of the services that it is to deliver and the financial impact it will have. These could include improving an organisation’s flexibility by allowing services to be scaled up and down in response to changing demand or making it easier to move between geographical locations. Restructuring staff employment arrangements and skill sets and bringing about cultural change and business improvements in response to external conditions may also be important.
Analysis of the human and systems resources employed by the existing service is crucial to understanding the baseline against which proposed changes will be measured and the scale of the effort required to implement them. Superficial impressions and assumptions about the integrity of existing documentation and procedures, and the ease of transition to shared services, often prove incorrect.
Maximising the chance of success
It is our experience that sound risk management is essential in the early stages of thinking about and preparing for a shared services project if major pitfalls are to be avoided. Many of the generic challenges of compliance implementation are well known, and effective risk management should be straightforward even if it might not always be simple.
Structural challenges such as the involvement of multiple stakeholders and systems crossing several organisational boundaries can be accommodated within a risk assessment process, and successful treatments can be implemented if the challenges are addressed early and pursued diligently.