One of my favorite lists to review each year in January is KnowledgeLeader’s list of the top 25 pages from the previous year. I am always curious what will end up on this list as it is different each year. In 2016, our subscribers frequented the Process Classification Scheme (PCS) more than any other page. This tool was originally published on our site in 2007 and is a staple framework to our Risk and Control Matices (RCM) library.
The PCS is a framework used by Protiviti to define the functions or processes of a business in two categories: operating processes, and management and support processes. It can be used to organize information about a company, according to relevant business and/or industry processes. The PCS is also useful because it defines the individual functions of a business that should take place at the strategic, operational and tactical levels. Depicting each function as a defined process or sub-process helps promote a common language. This is similar to but is also different than an organization chart that depicts the way a company has its people organized to execute its business activities. The PCS is more comprehensive, as it focuses on the essential activities of the business. It is particularly useful in deconstructing a business down into the essential activities that make it work and create value.
The PCS can be used as a “roadmap” or even a checklist to help identify processes, as defined by Protiviti, and related risks and potential controls that may be applicable to the organization.
The processes defined in this tool (and associated sub-processes) are common to most organizations and therefore more generic and non-industry specific. It is a good practice to develop different PCSs to address specific risks and processes associated with different industries.
Please note that this is not an all-inclusive list of existing business processes. Companies should customize the PCS (processes and associated sub-processes) to fit the facts, circumstances and culture of the organization.