Managing Risks Key in CRM

PwC consultants identify potential issues in customer relationship management implementations

Tempe, AZ — March 13, 2003 — While customer relationship management (CRM) can help companies increase sales, revenues, and market share; improve customer service; and reduce costs, its implementation creates potential for new risks and exposures, according to a new book co-authored by a pair of consultants for PricewaterhouseCoopers.

In ÒRisks of Customer Relationship Management (CRM) — A Security, Control and Audit ApproachÓ , co-authors Dave Erickson, a PwC partner, and Michele McLaughlin, a senior manager at the consultancy, offer advice to help organizations identify these risks and take steps to successfully manage a CRM implementation.

Published by Information Systems Audit and Control Foundation (ISACF), the book seeks to illustrate how CRM initiatives can help companies attain enterprisewide goals and describes the technology involved. The authors also outline the impact risk management and assurance professionals can have on CRM by addressing tactical issues during the transformation process.

Some of the risk hot spots for CRM initiatives discussed at length in book include project management and benefits realization issues, such as cost overruns and missed deadlines; business process controls and fraud risks, such as a lack of error detection and rejection and incomplete fraud detection and prevention; and operational resilience issues, such as telecommunications system and service outages and disruptions, or inadequate capacity to meet demands for processing peak loads.

Potential security risks include compromised data confidentiality, hacking, denial-of-service attacks and security policies that are not observed and practiced. Along similar lines, privacy management issues include compromised personal data protection, lack of compliance with privacy regulations and data privacy violations.

In addition, the authors point to such data management risks as contaminated data, or missing or duplicated data, and potential issues with telephony and telecommunications, such as toll fraud and telephone abuse, carrier invoice overpayment or confusion regarding the impact of deregulation.

"The risk management role is critical for CRM initiatives to ensure risks are adequately addressed and the CRM program is a success," said Erickson. "We wrote this book to provide our point of view as to what is required to properly manage risks during an organization's CRM transformation."

The authors targeted the book at business managers, information systems auditors, risk managers, process owners and security, and control and assurance professionals.