You may wonder “What is GRC about?” My response would be quite simply that GRC, short for Governance, Risk & Compliance, is all about fostering a corporate conscience in the day-to-day operations of your firm. At GRC’s core, is the notion that how corporate goals are met is as important as achieving those goals.
A stream of phrases comes to mind as I ponder GRC:
“It’s not whether you win or lose, it’s how you play the game.”
“Winning at what cost?”
“A good reputation is a rocky shore that is extremely difficult to return to once you leave it.”
Critical ingredients of a GRC program are strong and ethical leadership, acquisition of timely and accurate information, and successful deployment of powerful and reliable technology that enables businesses to effectively integrate their business strategy with their enterprise compliance and risk management programs.
What you don’t know can hurt you. GRC is about ensuring that your business is in control. It’s about being proactive rather than waiting to see what happens next. Specifically, GRC is:
- Knowing how to set achievable goals, given regulatory, market, technological, financial, ethical and operational constraints.
- Knowing your options by formulating and evaluating strategies for goal attainment.
- Knowing how you are doing, what risks are present and how well those risks are controlled as you strive to meet goals.
- Knowing what is required to ensure compliance with all applicable corporate policies and laws.
- Knowing what potential violations exist through continuous auditing of business practices, processes and operations.
Skeptical minds may question, “Why is GRC needed?” The answer is that today we see glaring examples of failures that could have been greatly lessened, or even avoided, if proper GRC programs had been in place – most notably the financial crisis and the oil spill in the Gulf of Mexico. But there have been many others where there has been overconfidence in the ability to anticipate and deal with ever-present unforeseen forces.
Read more about GRC in my blog, The Principled Achiever. Also take some time to learn more about overall governance, i.e. integrating risk management in your business strategies, by watching the webcast, Integrating risk management with business strategy.