Casewise helps Eneco deliver a strategic framework for the effective management and control of a high integrity organization and culture.
Since 2005, an in-house spreadsheet application was used to manage all Governance, Risk & Compliance (GRC) processes, to measure the extent of compliance and identify areas for improvement. By 2007 it was clear Eneco needed a more sophisticated tool to increase efficiency, reduce duplication of management effort and facilitate greater involvement by the workforce, as well as providing a digital audit trail for all activity.
Three key objectives were identified for further improvement of the ‘In Control’ programme:
- Design a single Governance, Risk & Compliance (GRC) framework to manage the complex inter-relationships between the workforce, the Assurance Functions and the Internal Audit process;
- Develop a system that would involve the workforce and keep it simple for them;
- Introduce a process of continuous improvement to increase the value of the ‘In Control’ programme to the business.
After a comprehensive review of the market-place, Eneco selected Casewise to implement a Control & Risk System to replace its spreadsheet application. Hendrik-Jan Sepers, Manager, Corporate Risk Management explains:
“We wanted a vendor with a flexible approach that could match our business processes. We felt that the Casewise solution would allow us to migrate our current processes to the new system with minimum disruption to the business and the workforce. We were also impressed by their solution’s ability to facilitate improvement in our self-assessment and audit processes.”
Eneco and Casewise collaborated closely to produce the Eneco Control & Risk System (ECRS), a single system that combines all significantly important control measures in a standards framework. In the past, these measures had been created, from the ‘top down’ by staff departments and focused on elements such as a well-functioning authority manual and the occasional preparation of a multi-year estimate.
However, the new ECRS was able to reflect the highly differentiated nature of Eneco’s activities, by designing a control system from the ‘bottom up’ for each element of the business. This not only increases the accuracy and value of the control measures, but also enhances the relevance of the system to – and its recognition by – the workforce, with a positive impact on willingness to apply the system.
An improvement engine is used for all material issues that impact the organization. This may include incidents, findings from selfassessments, findings of Internal Audit, Management Letters findings, issues raised by the external accountant and areas for improvement identified by other stakeholders, such as the tax authorities or the Office of Energy Regulation.
The framwork delivers:
- Better cross departmental working (between the staff and assurance functions and the Internal Audit )
- A highly-effective strategic programme for the management, supervision and monitoring of a high integrity organization and culture.
This integrity and organizational culture form an important part of Eneco’s GRC framework. Risks that have consequences in the area of integrity are actively addressed. The GRC reports include a complete overview of all the compliance and integrity risks, including the control measures that have been implemented and an opinion regarding the effect of these control measures.
Any incidents in this area are also included in this report. The new system has also helped Eneco to align the GRC framework with the Internal Audit process, which focuses on providing assurance in those areas that introduce the major risks. Internal Audit now uses the information provided by the GRC framework as input for its risk analysis, during the exploration phase. As a result, recognition of the value of the audits by the business has increased and the efficiency of the process has improved, saving time and money.