The initial focus for a Governance, Risk & Compliance (GRC) program is to collect and disseminate information to stakeholders across the enterprise to enable early and systematic management of risk exposures and disclosures, and to prevent, detect, report and remedy violations of all applicable laws, regulations and policies. This is no small task. It entails automation of manual processing and elimination of redundancy and inconsistency in data and processes. Here is a list of the 10 most pressing GRC issues corporations are concerned with today:
- Regulatory compliance (e.g., Solvency II, Dodd-Frank, Basel III, etc.).
- Vendor supply chain (e.g., food, drug, medical).
- Audit (detection of internal control weaknesses, potential violations of policy).
- Enterprise risk management (both financial and nonfinancial, including brand reputation).
- Fraud (financial crimes in medical, financial, government and other areas, including money-laundering).
- Business continuity (disaster recovery from flood, storm, earthquake, terrorism, explosion, contamination).
- Health and safety environment (e.g., cessation of operations when the workforce would be at unmanageable risk).
- Predatory and fair lending and financial reform.
- Sustainability and green initiatives.
- Privacy and information security.
When it’s time to choose a software solution to manage and automate data for GRC, ensure that it addresses operational risk management, policy management, the audit function, and business strategy planning and management. Beyond that base level of operational coverage, each organization will set its own emphasis based upon its needs, goals and risk appetite. GRC is the direction toward which all firms need to move to be successful and avoid the surprises that can cause them to cease operation or be acquired by a competitor (e.g., Enron, WorldCom, Lehman Brothers, Countrywide, New Century, IndyMac, Washington Mutual and Wachovia).