MAINSTREAMING GOVERNANCE, RISK MANAGEMENT AND COMPLIANCE INTO BUSINESS PROCESS

SUNIL K KOHLI, IDAS AT "GOVERNANCE, RISK MANAGEMENT AND COMPLIANCE SUMMIT" MUMBAI 28-29 APRIL, 2011 GIVING INAUGURAL ADDRESS ON "MAINSTREAMING GRC INTO BUSINESS PROCESS"

Transcript

  • 1. FELICITATIONS FROM SURAKSHA SUCCESS SYSTEMS 2011
  • 2. Welcome to SURAKSHA SUCCESS SYSTEMS 2011
  • 3. Mainstreaming GRC into the Business Process, by Sunil KOHLI, IDAS ndc, Indian Defence Accounts Service, Joint Secretary and Financial Adviser, National Disaster Management Authority (NDMA) and National Disaster Response Force (NDRF)
  • 4. Key Focus: “Organizations’ Reputation, Valuation and Profitability are directly linked to Good Governance, Effective and Real-time Risk Management and adhering to regulatory Compliance”
  • 5. Mainstreaming GRC into the Business Process
      • Mainstreaming GRC into the Business Process essentially means looking critically at each activity that is being planned, not only from the perspective of that business process activity, but also from the perspective of embedding GRC attributes into that process so that it addresses the GRC concerns.
  • 6. Business Process / GRC
  • 7. MAINSTREAMING …
      • GRC strategies and measures are most effective when integrated into the framework of the overall Business Process.
      • GRC should not be considered as an end in itself which requires incorporation into Business Process but rather as an integral component of all Business Process in the first place.
      • Hence, a central theme of mainstreaming is to address GRC concerns within the Business Process context and ensure that Business Process, Policies, Projects and Programmes do not unwittingly create new forms of vulnerability.
  • 8. NATIONAL DISASTER MANAGEMENT AUTHORITY (NDMA)
  • 9. NDMA: DM ACT 2005
      • The Disaster Management Act, 2005 brought National Disaster Management Authority (Apex Body) at National level
      • The Act lays down Institutional and coordination mechanisms at the National, State, District and Local levels and provides for establishment of Disaster Response & Mitigation Funds
  • 10. Paradigm Shift in Approach to DM
      • From the earlier Reactive Approach wherein focus was primarily on response and relief now on to Proactive Approach of prevention, mitigation and preparedness.
      • National Roadmap for Disaster Management (DM)
      • Primary objective: Mainstreaming of DM into the Development Process.
      • Create a Culture and ethos of Preparedness & Prevention across the country
  • 11. DISASTER MANAGEMENT
      • Disaster Management means a continuous and integrated process of planning, organizing, coordinating and implementing measures which are necessary or expedient for:
          – Prevention of danger or threat of any disaster;
          – Mitigation or reduction of risk of any disaster or its severity or consequences;
          – Capacity Building;
          – Preparedness to deal with any disaster;
          – Prompt response to any threatening disaster situation or disaster;
          – Assessing the severity or magnitude of effects of any disaster;
          – Evacuation, rescue and relief;
          – Rehabilitation and reconstruction;
  • 12. NDMA National Disaster Management Structure
  • 13. DISASTER MANAGEMENT
      • We handle all issues relating to
          – Governance
          – Risk Management and
          – Compliance
      • In a coordinated, collaborative, and Integrated Manner by Leveraging Technology effectively.
      • Our main focus is on mainstreaming DRR into the Development process.
  • 14. INDIAN DEFENCE ACCOUNTS SERVICE: DEFENCE FINANCIAL MANAGEMENT, AUDITING AND ACCOUNTING. “ENSURING COMPLIANCE AND PROPELLING PERFORMANCE”
  • 15. Precap
      • Why GRC? Context
      • Defining GRC
      • What is GRC?
      • Does GRC really matter?
      • What to do about it?
      • Why mainstream GRC?
      • My Key Focus.
      • Key Issues
      • Key Challenges
      • Road Ahead
  • 16. Why GRC?
      • CONTEXT:
      • Growing Regulatory Environment
      • Higher Business Complexity
      • Increased Focus on Accountability
      • Fast Paced Global Economy
      • Competitive Business Spectrum
      • Emerging Threats
      • Government, Public Sector Organizations and Corporates are the biggest entities which affect the lives of the citizens and the consumers.
      • Transparency, Risk and Compliance are the main attributes to ensure Accountability and Corporate Social Responsibility.
  • 17. CEOs “cashed out” prior to economic crisis
      • CEOs at major US financial and real estate firms converted tens of millions of dollars of overvalued stock into cash prior to the eruption of the current financial crisis.
  • 18. CONTEXT
      • 2003: IFAC Research: 16 companies were classed as failures including Cable & Wireless (UK), Enron (USA), France Telecom (France), Marconi (UK), Marks & Spencer (UK), Nortel Networks (Canada), WorldCom (USA), Xerox (USA) etc.
      • The most common problems:
          – Poor ethical standards at the top; Aggressive targets and earnings management; Misaligned incentives
          – A CEO too dominant and charismatic; Weak board of directors (too cozy with CEO); Weak internal controls (e.g., poor resource management)
          – A CFO too involved in aggressive merger and acquisitions (M&A) strategies; Poor choice of strategy and lack of clarity
          – Poor execution (especially unsuccessful mergers and acquisitions)
          – Failure to respond to change quickly enough
  • 19. CONTEXT
      • Enron. Tyco. WorldCom. Vivendi. Satyam.
      • Mention any one of them and the response you get is rolling eyes and shaking heads. So what happened?
      • Excessive risk-taking driven by overly aggressive targets and accompanying incentives does seem to have opened the door for unethical behavior, info-manipulation, dishonest reporting, made even worse by ineffective governance and control mechanisms.
      • Consequent legislated corporate and management accountability standards shouldn’t surprise anyone.
  • 20. VULNERABILITY OF CORPORATE
      • Today’s business climate is complex and increasingly difficult to predict. Stakes are rising in a global market; Competition is fierce & brand loyalty is fickle.
      • Across all industries, companies are grappling with high expectations and margin pressures.
      • Businesses face unprecedented numbers of legal, regulatory, and business partner mandates, as well as value chain requirements that affect nearly every aspect of their operations.
      • The question is, given today’s highly regulated environment, how can you control risk, manage effectively, drive performance, and ultimately inspire greater stakeholder confidence?
  • 21. Why GRC?
      • The management of enterprise risk and compliance has become a critical business issue
      • Good Governance is the most effective measurement criteria for current and future stakeholders
  • 22. How GRC is Defined
      • GRC is an integrated system of people, processes and technology, implemented by the board, management, the workforce, and the extended enterprise which provides assurance that the organization:
          – Understands stakeholder expectations;
          – Sets the right objectives to meet stakeholder expectations;
          – Achieves objectives while addressing risks and protecting value;
          – Operates within legal, contractual, internal, social and ethical boundaries; and
          – Provides relevant, reliable and timely information about the performance of the system to internal and external stakeholders.
      • Source: Open Compliance Ethics Group
  • 23. How GRC is Defined
      • “Governance” refers to rules, systems, processes, and structures that ensure the corporation operates in accordance with its defined policies and procedures, and engages with legitimate stakeholders to meet their expectations.
      • “Risk Management” refers to the systems and procedures in place to proactively evaluate risk and to minimize or mitigate losses.
      • “Compliance” refers to the tactical approaches to following the rules: the systems and processes that enable stakeholders to evaluate the extent to which companies conform to their interests.
      • In a networked economy, these three elements are as interdependent as the legs of a stool.
  • 24. How GRC is Defined
      • The span of a Governance, Risk and Compliance process includes three elements
      • Governance is the oversight role and the process by which companies manage and mitigate business risks
      • Risk management enables an organization to evaluate all relevant business and regulatory risks and controls and monitor mitigation actions in a structured manner
      • Compliance ensures that an organization has the processes and internal controls to meet the requirements imposed by governmental bodies, regulators, industry mandates or internal policies.
  • 25. How GRC is Defined
      • GRC Discipline
      • Governance manages the strategic directives a company wants to follow.
      • Risk management assesses the areas of exposure and potential impacts.
      • Compliance is the tactical action to mitigate risk
  • 26. GRC Environment
  • 27. GRC Process
  • 28. What is GRC?
      • Taken individually, these three terms convey a range of meaning.
      • But when grouped together, they have come to indicate a recently conceived category of technology and consulting services collectively referred to as GRC.
      • Much of the confusion around GRC lies in the notion of governance, which changes from one organisation to the next depending on its structure, culture, risk strategy and context
      • GRC is not just about a streamlined, computerized index of rules.
      • It is about behavior.
      • A successful GRC platform is a powerful tool that enables a company to operate within the spirit and the letter of those rules.
      • The behaviors and processes that the successfully implemented GRC platform catalogs and tracks become a part of the company’s culture and of the work ethic of its employees.
      • Source: Achieving Efficient Governance, Risk and Compliance (GRC) Through Process and Automation, EPICORE WHITE PAPER
  • 29. What is GRC?
      • Governance, Risk, & Compliance (GRC) is more than a catchy acronym
      • It is an approach to business. An approach that permeates the organization: its oversight, its processes, its culture, its boundaries.
      • Ultimately, GRC is about the integrity of the organization:
      • Does the organization make its code of ethics, policies, and procedures clear to its employees and business partners?
      • Are the values of the organization clear and understood across the business and its relationships?
      • Source: http://www.corp-integrity.com/what-is-grc
  • 30. What is GRC?
      • It is easier to define what GRC is NOT:
      • GRC is not about silos of risk and compliance operating independently of each other;
      • GRC is not solely about technology – though technology plays a critical role;
      • GRC is not just a label of services that consultants provide;
      • GRC is not just about financial controls;
      • GRC is not another label for enterprise risk management (ERM), although GRC encompasses ERM; and, furthermore,
      • GRC is not about a single individual owning all aspects of governance, risk, and compliance.
      • Source: http://www.corp-integrity.com/what-is-grc
  • 31. What is GRC?
      • SUMMARY
      • Good governance can only be achieved through diligent risk and compliance management.
      • Ignoring a federated view of GRC results in business processes, partners, employees, and systems that behave like leaves blowing in the wind.
      • Source: http://www.corp-integrity.com/what-is-grc
  • 32. OCEG: Great view of GRC – what it is really all about
  • 33. Does GRC really matter?
      • GRC really does matter.
      • GRC emerged because traditional governance, risk and compliance approaches are not sufficient for new business realities.
      • GRC is widely discussed because it is relevant in all industries and sectors, all over the world and has impacts across all functions in a modern enterprise.
      • http://www.deloitte.com/assets/Dcom-UnitedStates/Local%20Assets/Documents/us_grc_Demystifying%20GRC_Lee%20Dittmar.pdf
  • 34. Does GRC really matter?
      • Most organizations have viewed governance, risk and compliance as discrete activities separate from mainstream business processes and decision-making.
      • http://www.deloitte.com/assets/Dcom-UnitedStates/Local%20Assets/Documents/us_grc_Demystifying%20GRC_Lee%20Dittmar.pdf
  • 35. What to do about it? Corporations Need to Rebuild and Strengthen Stakeholder Trust
  • 36. What to do about it? Pervasive Fragmentation Complicates the Pursuit of Stakeholder Trust
  • 37. What to do about it? Internal GRC Discipline Fragmentation; Interrelationship Between Governance, Risk, and Compliance Management
  • 38. What to do about it? An Integrated Approach to Transparency is Essential
      • Organizations must embed the appropriate behaviors into the organization’s culture, processes, and systems.
      • To do so, they need a comprehensive approach to governance, risk management, and compliance.
      • An integrated GRC strategy becomes in itself a differentiator.
  • 39. What to do about it? Integration of GRC and Culture
  • 40. Why mainstream GRC?
      • There is a critical need to mainstream the Governance, Risk management and compliance (GRC) functionalities into Business Process.
      • There are various possibilities to add Governance, Risk, and Compliance (GRC) related functionality to processes. These can be done by:
          – Embedding compliance into business processes, enabling business-owner accountability, preventing fraud, and minimizing audit time and related costs
          – By incorporating control activities into everyday business processes, companies avoid after-the-fact violation detection
          – Learn how to implement a top-down, risk-based framework to identify, control, and test the transactions and business processes that are most likely to be scrutinized during an audit.
  • 41. My Key Focus
      1. Why are Government and Public Sector not adopting integrated GRC functionalities as a tool for better Governance?
  • 42. Publication: The Times Of India Delhi; Date: Apr 21, 2011; Section: Times Sport; Page: 24; Order No: 7157124_1_1; Dimension: 12.0 X 10.0 sq.cm
  • 43. My Key Focus
      1. What is the focus of corporates on the issue of “CORPORATE GOVERNANCE”?
      2. What are the corporates’ policies about good governance?
      3. Governments are creatures of law and as such, they can do only what the law allows (the things that they are authorized to do), using the methods that are prescribed, in contrast to organizations in the private sector that can do anything not prohibited by law
  • 44. My Key Focus
      • Governance is wider in scope than government. It includes non-governmental and informal organizations. It makes for crafting social institutions as a matter of substantive public concern. In the present globalization scenario, we are witnessing an increasing concern towards the issue of governance. The managerial orientation that is making way into the domain of public administration with thrust on economy, efficiency, and effectiveness is also emphasizing the pursuance of governance for development.
  • 45. My Key Focus
      • Determinants of Good Governance relevant to the corporate sector include a competitive environment injecting competition into service delivery;
      • Organizational pluralism which demands convergence of State, Market Forces (represented by Corporate sector) and civil society organizations for governance; Probity in public life; Building social capacity; Performance partnership between government, NGOs and private agencies; Ethical approach to human concerns and E-governance.
  • 46. My Key Focus
      • GRC is about the need for “Principled Performance”.
      • Organizations need to consider the ethical environment and the expectations of the society within which they operate. Optimizing profits for the shareholders at the same time as you are building a reputation as a ruthless operator that doesn’t care about the environment, your workers, or the community is not a recipe for long-term success
  • 47. My Key Focus
      • While the reputation and respect for our country had been growing internationally, in early 2009 one word stood between our successful growth story and the credibility of our institutions. That word with which you are all too familiar is “SATYAM”.
      • The story breaking in January, 2009 created ripples in global economies about the quality of corporate governance, efficacy of regulatory bodies and probity in corporates.
  • 48. My Key Focus
      • What this country cannot risk is the deficit of ‘ethics’ in its corporates.
      • No business can be sustainable in the long run and have a consistent growth trajectory, unless it is based on an edifice of credibility and integrity.
      • Deficit in governance is not applicable to government alone. It applies equally to the business community.
  • 50. My Key Focus
      • The post reform period has witnessed a corporate culture of diluting or ignoring stringent ethical standards.
      • It is often considered ethical as long as a corporate establishment, in its business practices, remains within legal confines to survive in business and beat the competition.
      • This is misplaced corporate governance.
      • Probity in business is as important a trait in an outstanding CEO as is to be articulate, positive, courageous, dynamic and professionally competent. You have to be a developer of talent and maintain cultural sensitivity. The culture to perform has to be deeply inculcated. Without meritocracy, you fall into the morass of nepotism and mediocrity.
  • 51. My Key Focus
      • I wish to propose a thought to leave behind with you.
      • The East India Company, with which we are all familiar, was founded in the year 1600. It is often believed to be the forerunner of the modern multinational. Starting as a humble trader in Asian Spices, the company soon began to manage Britain’s Indian empire.
      • Today, there is no sign, not even a plaque in any building or location in London announcing the existence of the world’s one time most powerful corporation.
      • What brought about the demise of this powerful company in an era which was otherwise promoting globalization? The company’s legacy provides compelling lessons on how to ensure accountability and probity of today’s global business.
  • 52. My Key Focus
      • The most fundamental challenge that all Institutions face is to ensure that employees promote the collective rather than their individual self interest.
      • Private trading by its managers became one of the cancers that gnawed at the company’s ethical fiber. Taking ‘presents’ to secure business became commonplace. These ‘presents’ influenced the quality and cost of the commodities traded. The cancer erupted into intrigue, corruption and speculation leading to its tragic decline and its non-existence today.
      • History has repeated itself with Barings Bank, Bear Stearns, Lehman Brothers, Fannie Mae and Freddie Mac: personal greed versus corporate interest.
      • You need to deliberate on this and ensure that such temptations do not befall you.
  • 53. My Key Focus
      • The immediate and defining challenge for all of us today in our professional endeavours is that it would be increasingly difficult for us to claim innocence for ourselves in private enterprise on account of the profits we make, if the effect of our acts threatens or undermines the larger public interest.
      • In an interconnected and globalised world, it would simply not work as an excuse if our conduct and behavior are not fully informed of the larger implications of our acts on all our stakeholders.
  • 54. My Key Focus
      • If the most powerful dictators of the world are unable to stem the tide of protest from their people, it would be naïve to assume that the so called private enterprise would be able to shield itself from the consequences of its actions either on the strength of its bottom-line or the economic doctrine of free markets.
      • This is what I would like to highlight as the requirement cast upon managers and entrepreneurs such as you in the time to come.
      • So far, we have been used to the requirement of probity and accountability in public life.
      • It is about time that the private enterprise too voluntarily embraces the values of probity and accountability to all their stakeholders.
  • 55. The Danger of Invisible Corporate Power
  • 56. The Danger of Invisible Corporate Power
      • It may take several election cycles to scrub corporate influence and control from our political system.
      • Let’s face it: Large corporations have our country, and us, in a death grip. Some of their bad behavior makes big headlines: the BP oil disaster, Goldman Sachs’ financial shenanigans, Enron’s book-cooking. However, equally dangerous corporate activity happens every day, far from public view.
      • Corporations have seeped almost invisibly into nearly every government agency and too many congressional offices. And they’re as poisonous as carbon monoxide. In the last 20 years, protective legislation and regulation, carefully constructed from the days of President Coolidge and vastly strengthened due to the Depression, have seriously deteriorated.
      • There’s nothing inherently evil, or even bad, about corporations. Indeed, the combination of capital and management under one roof is efficient and essential in a global, competitive world. So much of our standard of living and our worldwide leadership are directly traceable to our corporate and entrepreneurial culture. But even good things, when they get out of control, turn destructive. Cancer, after all, is just growth gone wild.
  • 57. The Danger of Invisible Corporate Power
      • There has always been tension between good government and free enterprise. It hurts the bottom line to scrub emissions from coal-burning power generators, ensure meat is sanitary, clean up toxic waste, and disclose the full risks of financial products. But once corporations realized that instead of fighting government they could actually buy it through lobbying and political contributions, the base of our democracy eroded. Their "invisible power" got a grip. The stealthy hunt for corporate profits metastasized from the marketplace and entered the halls of Congress and the executive branch.
      • The fight over reforming Wall Street is just the latest example. The need for regulation is hardly theoretical here. We’re still reeling from a crisis caused by the absence of it. Congress doesn’t even need to reinvent the wheel, a favorite task. There were laws and regulations that had worked for so long, such as those to keep banks and investment brokers separate; require diligent lending; prohibit betting against your own borrowers; require full disclosure to borrowers; and, above all, keep the risk with the lenders to insure they make prudent loans.
      • So why has the debate on reform dragged on for nearly a year? The public wants Wall Street reined in. So why would any legislator, much less an entire political party, get in the way of financial reform? It can’t just be a coincidence that the financial sector happens to be the biggest contributor to 2010 congressional campaigns, with more than $129 million doled out already. Financial firms have also spent well over a half a billion dollars on lobbying since early 2009.
  • 58. The Danger of Invisible Corporate Power
      • To reverse this situation we must change who gets elected to Congress. And that is the one thing we can do, and perhaps the only thing, to neutralize corporate control of our government. Only real people have the vote; corporations don’t.
      • To regain our democracy, we must:
          – Identify and make public those elected representatives who owe their jobs to corporate largesse and cast their votes accordingly.
          – Insulate the election process from corporate funding. Bills in both the Senate and House that would forbid campaign spending by contractors who receive more than $50,000 in taxpayer funds would be a good start.
          – Prohibit lawmakers and lobbyists from interacting with each other, except to exchange ideas on legislation, and require them to publish a record of their contacts.
      • It may take several election cycles to scrub corporate influence and control from our political system, but once it starts it will gain momentum. And once we’ve accomplished this feat, appropriate regulation and control will follow. The horse will be before the cart, and the driver will be a human person.
      • http://www.ips-dc.org/articles/the_danger_of_invisible_corporate_power
  • 59. Corporate Social Irresponsibility
  • 60. Corporate Social Irresponsibility
      • BP must come clean, both literally and figuratively.
      • The 1989 Exxon Valdez oil spill gave rise to the corporate social responsibility movement. The BP oil disaster may mark its collapse.
      • Over the past two decades, many organizations and investors have conducted an experiment in corporate behavior modification. An array of well-intentioned organizations promoted the idea that large corporations could be made to do the right thing, by urging them to sign voluntary codes of conduct and adopt other seemingly enlightened policies on environmental and social issues.
      • At first, management met this movement with resistance, but big business soon realized the advantages of projecting an ethical image--so much so that corporate social responsibility (known widely as CSR) is now used as a selling point by many firms. Chevron’s "Will You Join Us" ad campaign, for example, apparently tries to convey the oil giant as a key player in global efforts to save the Earth.
      • Businesses found that a socially responsible image could serve as a buffer against aggressive regulation. While CSR proponents in the nonprofit sector didn’t pursue a deregulatory agenda, the image of virtuous companies conveyed the message that strong government intervention was unnecessary. CSR dovetails with the efforts of corporations and their allies to undermine formal oversight of business activities. This is what General Electric was up to when it ran its "Ecoimagination" ads while lobbying to weaken air pollution rules governing the locomotives it makes.
  • 61. Corporate Social Irresponsibility
      • Recent events make it clear that a commitment to CSR can be too cosmetic. The corporation at the center of the Gulf oil disaster, BP, promoted itself as being socially responsible for many years. A decade ago it adopted a sunburst logo, acknowledged that global warming was a problem, and claimed to be going "beyond petroleum" by investing (modestly) in renewable energy sources. What did all that social responsibility mean if the corporation could still, as the emerging evidence suggests, cut corners on safety in one of its riskiest activities--deepwater drilling?
      • BP is hardly unique in violating its self-professed "high standards." This year has also seen the moral implosion of Toyota, another darling of the CSR world. Only months after the Prius producer was chosen by the Ethisphere Institute as one of "the world’s most ethical companies," it was found that Toyota had failed to notify regulators or the public about its defective gas pedals.
  • 62. Corporate Social Irresponsibility
      • Goldman Sachs, widely despised these days for unscrupulous behavior during the financial meltdown, was a CSR pioneer in the investment banking world. In 2005 it was the first Wall Street firm to adopt a comprehensive environmental policy (after being pressured by grassroots organizations to do so), and it established a think tank on environmental markets.
      • When the members of a corporate rogues’ gallery all profess to be socially responsible, the concept becomes meaningless. The best that can be said is that these corporations may behave well in some respects while screwing up royally in others--the way that Wal-Mart is supposedly in the forefront of environmental reform while retaining its Neanderthal labor policies. Selective ethics are no more tolerable for corporations than they are for people.
      • BP must come clean, both literally and figuratively. The $20 billion escrow fund is a good start, but the corporation must also provide a full accounting of what went wrong in the Gulf and what it will do to improve safety conditions in all its operations. You can let BP know that true corporate social responsibility means more than cheery logos, catchy slogans, and token gestures by taking action today at StopCorporateAbuse.org/HallOfShame.
  • 63. Key Issues
      • Mainstreaming GRC into the Business Process
      • Road Map for Initiating GRC Program in an ERM and compliance strategies
      • Sharing of best practices
      • Unifying risk management across business units and departments
      • Gaining board buy-in in a meaningful way
      • Quantifying culture
      • International Perspective
      • Main drivers for GRC
      • GRC Convergence
      • Challenges for a unified GRC framework?
      • Common blocks?
      • Siloed risk function and impact on your GRC strategy
  • 64. Key Issues
      • Elements of a good Corporate Governance structure
      • Positioning the GRC structure right in the organizational hierarchy
      • GRC Integration with Governance: Instilling a culture of good corporate governance for GRC success
      • Changing approaches to corporate governance
      • Ethics and corporate governance
      • Integrating corporate governance with CSR
      • Linking good governance to your GRC strategy?
      • Evaluating the return on your GRC Investment
      • GRC Enabler: Information Governance
  • 65. Key Challenges
      • The cultural change is by far the biggest challenge.
      • Aligning functions that have similarity in process but a fundamental difference
          – the outward-facing nature of risk management,
          – the inward-facing nature of governance and the
          – all-encompassing nature of compliance
        is not an easy prospect.
      • Corporate buy-in needs to be both top-down and bottom-up.
      • Executives need to lead by example.
      • Business units need to realise that GRC activities are a key part of their daily activity, not a nuisance to be set aside or hurried through.
      • Adoption of a common risk understanding, language and methodology.
      • Top management must prioritize risk and governance, and integrate it into the company strategy and objectives.
      • When optimizing for the whole, you sometimes are not going to be as efficient in the parts.
  • 66. Key Challenges
      • Breaking Corporate Inertia
      • Instilling an environment where all parts of the organisation are risk-confident.
      • Being creative about how to communicate about the framework is important, and the communication has to be continual and changing.
      • Continue to adapt, learn and be proactive.
  • 67. Road Ahead
      • Need to adopt C3I2 Approach
          – Coordination;
          – Communication;
          – Collaboration;
          – Integration; and
          – Implementation
      • Overcome DRIP Syndrome
          – Data Rich Information Poor
  • 68. REFERENCES
      • 1. “One for Three: Should governance, risk management, and compliance be tackled as one problem, or is this a classic case of scope creep?”, CFO, Sept, 2007
      • http://www.corp-integrity.com/what-is-grc
      • Demystifying GRC by Lee Dittmar, Deloitte Consulting LLP;
          – http://www.deloitte.com/assets/Dcom-UnitedStates/Local%20Assets/Documents/us_grc_Demystifying%20GRC_Lee%20Dittmar.pdf
      • Source: Open Compliance Ethics Group
          – Pulling it all together: Integrated Solutions for Governance, Risk and Compliance; https://www.deloitte.com/assets/Dcom-Australia/Local%20Assets/Documents/Services/Risk%20services/Integrated%20solutions%20for%20GRC.pdf
          – http://www.myexpospace.com/OracleDemogrounds2008/PDFDOCLIB/GRC-Oraclegrcbrochure-08-11-08.pdf
      • Standards for Integrated Governance, Risk and Compliance Management, Scott L. Mitchell, CEO, Open Compliance & Ethics Group, smitchell@oceg.org
          – http://www.slideshare.net/Jackie72/download-4384868
  • 69. REFERENCES
      • MetricStream Whitepaper: Governance, Risk and Compliance Framework, http://www.metricstream.com/pdf/whitepapers/MetricStream_White_Paper_GRC.pdf
      • http://www.corp-integrity.com/integrity-ethics/why-policies-matter
      • http://www.ips-dc.org/articles/the_danger_of_invisible_corporate_power
      • http://www.ips-dc.org/articles/corporate_social_irresponsibility
  • 70. REFERENCES
      • http://www.myexpospace.com/OracleDemogrounds2008/PDFDOCLIB/GRC-Oraclegrcbrochure-08-11-08.pdf
  • 71. SUNIL KOHLI, Indian Defence Accounts Service, Joint Secretary and Financial Adviser, National Disaster Management Authority (NDMA) and National Disaster Response Force (NDRF), Government of India, Ministry of Home Affairs, India
      • Address: A-1, Safdarjang Enclave, Opposite AIIMS Trauma Centre, New Delhi 110 029
      • Tel: +91 11 26701709 (Office), +91 11 26180503 (Direct), +91 11 26701715 (Fax), +91 11 26133298 (Residence), +91 9868151472 (Mobile)
      • E-mail: kohlisk@gmail.com, kohlifandma@gmail.com, skkohli@ndma.gov.in
      • Website: www.ndma.gov.in
      • Facebook: http://www.facebook.com/sunilkumarkohli
  • 72. Streamlining Compliance
      • ISSUES
      • Is Compliance a separate and important management discipline?
      • Why should compliance be any different than finance, audit, legal or risk management departments as a mainstream management function?
      • A tool to integrate compliance management reporting into a more efficient and effective function is needed.
      • Michael Rasmussen, http://www.corp-integrity.com/wp-content/uploads/2010/12/StreamliningCompliance.pdf
  • 73. CORPORATE CULTURE
  • 74. SURAKSHA SUCCESS SYSTEMS 2011