Governance, risk and compliance framework

Published in: Business, Economy & Finance

  1. Governance, Risk and Compliance (GRC) Framework
  2. Three Elements of Governance, Risk and Compliance Process
     - Governance is the oversight role and the process by which companies manage and mitigate business risks.
     - Risk management enables an organization to evaluate all relevant business and regulatory risks and controls and monitor mitigation actions in a structured manner.
     - Compliance ensures that an organization has the processes and internal controls to meet the requirements imposed by governmental bodies, regulators, industry mandates or internal policies.
  3. Governance:
     - With an increase in activism among shareholders and increased scrutiny from the regulatory bodies, corporate boards and executive teams are more focused on governance-related issues than ever before.
  4. The Elements of Governance Process Within the Organization
     - Definition and Communication of Corporate Control
     - Key Policies
     - Enterprise Risk Management
     - Regulatory and Compliance Management and oversight (e.g. compliance with ethics and options compliance as well as overall oversight of regulatory issues)
     - Evaluating business performance through balanced scorecards, risk scorecards and operational dashboards
  5. Risk Management:
     - With the recent jump in regulatory mandates and increasingly activist shareholders, many organizations have become sensitized to identifying and managing areas of risk in their business: whether it is financial, operational, IT, brand or reputation-related risk. These risks are no longer considered the sole responsibility of specialists.
     - Executives and the boards demand visibility into exposure and status so they can effectively manage the organization’s long-term strategies.
  6. Compliance:
     - An initiative to comply with a regulation typically begins as a project as companies race to meet deadlines to comply with that regulation.
     - However, compliance is not a one-time event – organizations realize that they need to make it into a repeatable process, so that they can continue to sustain compliance with that regulation at a lower cost than for the first deadline.
     - The compliance process enables organizations to make compliance repeatable and hence enables them to sustain it on an ongoing basis at a lower cost.
  8. Why GRC is Important Now?
  9. The GRC Process
  10. Benefits of Taking an Integrated GRC Approach
     - Have a dramatic positive impact on organizational effectiveness by providing a clear, unambiguous process and a single point of reference for the organization
     - Eliminate all redundant work in various initiatives
     - Eliminate duplicative software, hardware, training and rollout costs as multiple governance, risk and compliance initiatives can be managed with one software solution
     - Provide a “single version of the truth” available to employees, management, auditors and regulatory bodies
  11. End