A holistic approach to GRC Governance, risk and compliance processes need to evolve

摘要

Companies want to avoid being blindsided again, but they also want to capitalize on global growth trends. Therefore, successful management teams must be able to cut through business complexities to understand what risks lie beneath, allowing their companies to make "risk-informed" decisions while maintaining appropriate levels of controls. Organizations need to ensure that their governance, risk and compliance management processes evolve to anticipate growth, to support effective efforts to manage risk and compliance, and to drive organizational resilience. In a 2010 KPMG survey of more than 500 top-tier executives, 64 percent said that the convergence of governance, risk and compliance is a priority. To understand where an organization stands with its GRC, consider three questions: 1. Has the company identified current and emerging business risks that threaten achievement of its mission and strategic objectives? And is it taking the right risks? 2. Does the company have a governance structure, infrastructure and culture that can respond to risks while managing them? 3. Are the company's oversight functions (enterprise risk management, compliance, internal audit and Sarbanes-Oxley compliance) as effective and efficient as they could be in providing senior management with the level of assurance required? Once a management team understands the effectiveness of the oversight and control programs against the background of the risks, it can look at how to develop a holistic approach to GRC that serves as an enterprise model to help lead them through immediate and long-term risks, and succeed in the new business environment.