3. The meaning of GRC
It is possible for your organization to improve in all aspects just by improving its GRC.
In order to understand what GRC is and what scope it has in the economy, it is very
important to first grasp what GRC stands for and where it applies. GRC is nothing but
a blanket term for Governance, Risk and Compliance, with Risk here referring to risk
management.
Governance refers to proper task
deployment, proper management in terms
of internal and external policies, employee
safety and well-being, and a healthy work
environment where the employer and the
employee are both satisfied and motivated.
Risk Management means the identification,
analysis, and mitigation of risks causing
financial, reputational, environmental
damage, market risks, health and safety risks,
risks due to changes in the regulations and
policies as prescribed by regulatory bodies
and the global environment and other
factors.
Nowadays, when cases of illegal business activities are frequently
brought to light, compliance has become of utmost importance to most
organizations. Compliance activities in a business include ensuring
timely assessments on how up-to-date the organization is with the
latest policies and regulations and ensuring that these policies and
mandates are strictly being followed.
5. For any business to truly grow beyond just existing, it is essential to have in place
some standard measures for proper management, optimal mitigation measures for
any risks that you may encounter while running the business, and some kind of a
reliable process which enables you to keep a check on how compliant your
business is with government approved regulations.
In cases of inefficient GRC management, it is common for organizations to be
publicly called out for discrepancies that lead to scams such as the Commonwealth
Games Scam of 2010, the 2G spectrum case, and the recently infamous PNB-Nirav
Modi case. This results in bad media representation, financial penalties, lawsuits,
and finally, loss of reputation.
The need for GRC
6. Efficiently managed GRC allows your business to develop a healthy work
environment where employees as well as employers are happy.
It allows you to successfully combat risks that may otherwise adversely affect your
business, and to keep the government happy by following all
necessary rules and legislation set by regulatory bodies and updating yourself time
and again about policies that have come into being.
Proper and integrated GRC management in any business would lead the business
to prosperity instead of disharmony between business functions due to GRC being
managed in silos. Silo management of GRC is considered outdated and is widely
believed to be ineffective, with adequate reason.
The need for GRC
7. In the News: A massive fraud of Rs. 11,400 crore at Punjab National Bank or
PNB by its own officials has landed India's second largest bank in a huge
controversy. The PNB fraud came to limelight on February 14 after the bank
complained to the CBI that its own officials violated rules and put out illegal
guarantee documents to help celebrity jeweller Nirav Modi secure credit from
banks abroad. PNB is now making attempts to recover the dues from the
jeweller who fled the country last month. Two central agencies - the Central
Bureau of Investigation (CBI) and the Enforcement Directorate (ED) - are
investigating the matter. Raids have also been conducted on Nirav Modi's firms
and jewellery showrooms. Luxury cars, watches and other assets have been
seized; property, bank accounts associated with him have also been attached.
Case Study: The PNB Scam
Source: https://www.ndtv.com/india-news/pnb-scam-involving-nirav-modi-how-the-events-unfolded-1816057
8. Case Study: Reasons behind the Scam
The reasons behind the PNB scam, as behind every scandal of the sort, have
been attributed to the following discrepancies in the GRC process.
• The RBI stipulates that for the gems and jewellery sector, LoUs normally
should not be issued for more than 90 days. These have been issued by PNB for
a year, violating regulatory norms.
• The Reserve Bank of India (RBI) and the individual banks themselves prescribe
systemic controls such as internal inspections, reporting systems to higher
authorities on the state of credit exposure, concurrent audit, statutory audit and
RBI audit; many more sporadic management audits are institutionalised to
ensure compliance at every stage. Beyond these, there are undefined controls
in branches. These controls were mismanaged and tampered with.
• The PNB case was witness to a number of operational and managerial risks
that were left unmitigated, which led to massive financial and reputational
losses for those involved.
Source: https://www.epw.in/engage/article/pnb-fraud-how-do-banks-manage-operational-risk
9. When talking about an integrated GRC framework, the pros are many and the
cons are none. With an effective integrated GRC framework, you gain:
• Higher quality information—Integrating business functions for a better-
managed GRC allows administration to make better and timely decisions.
• Process optimization—Non-productive activities can be easily identified
and discontinued and value-added activities can be simplified and
modified to quicken time-consuming activities.
• Better capital allocation—Analyses of productive and unproductive
activities and consequential efforts promote better allocation of financial
and human capital.
• Improved effectiveness—The net effect of all the activities above means
GRC activities are directed to the appropriate people and departments.
• Protected reputation—Efficient risk management enhances and protects
the company reputation and enhances compliance with regulatory bodies.
• Reduced costs—Effective GRC management lowers costs in the long run,
when taking the return on investment into consideration. It enables your
organization to save money while employing more efficient
methods for GRC management, including money that you would otherwise
spend on legal issues arising from non-compliance.
Benefits of an Integrated GRC framework
10. Some organizations manage their GRC processes manually. Increasingly,
however, organizations are switching to integrated GRC management
instead of managing their GRC in silos, due to ease-of-effort and efficiency.
Still, one finds that more and more organizations these days are employing
software solutions to their GRC problems. These solutions do all the
time-consuming, stress-inducing work for you, from organizing and managing
audits to business continuity planning. These solutions are highly
efficient and often customizable to your own needs and preferences.
How you can have an integrated GRC framework
11. Companies that choose to integrate their GRC processes instead of
managing them in silos are generally found to have a better success rate,
lower risks, and a better reputation, since compliance-related penalties
are easily avoided. Thus, by improving just three areas of business
functions (Governance, Risk and Compliance), it is possible to have the
growth and improvement of your business completely under your control.
Once organizations realize the potential of proper and integrated GRC
management and put it to work, either manually or through a GRC
solution, it is safe to expect manifold growth.
Conclusion