Governance, Risk and Compliance Today

Businesses today view Governance, Risk and Compliance (GRC) as adhering to a specific mandate and providing evidence in adhering to this mandate. Since the Sarbanes Oxley Act, organizations have spent significant amounts of time and money ensuring their internal controls over financial reporting are compliant. Additionally, it is a difficult, moving target to stay in front of it all. Just last year, the Public Company Accounting Oversight Board (PCAOB), which publishes the standards for auditing control over financial reporting, introduced the Auditing Standard 5, which has resulted in companies once again re-evaluating their internal controls.

This constant change in regulations has stretched organizations’ resources thin to meet new compliance needs. And it won’t be getting easier any time soon. In fact, Gartner predicts that new regulations will double every six years. This would cause organizations to see a drastic increase in their cost of compliance as they satisfy one regulatory mandate after another.

Good Governance is Good for Business

It is quite evident that taking a reactive approach to risk and compliance simply will not work in regulated environments. In order to innovate and stay ahead of the competition, organizations will have to rewrite the rules of the game. It would be impossible to “play by the rules” if the rules are being written as the business model evolves. Organizations will now need to look at good governance to provide the boundaries for their operations.

The antithesis of good governance for innovation is Enron Corporation, which was responsible for one of the largest and most complex bankruptcies in U.S. history. As the world’s dominant energy trader was facing financial collapse, one Enron executive was quoted in The New York Times as saying “the company’s core management philosophy was to be the first mover into a market and to make money in the initial chaos and lack of transparency.” As we now know, this “core philosophy” resulted in losses in the billions, prison terms and ruined lives.

Today, successful global enterprises are establishing a tone at the top that is loud and clear: Good governance will drive key initiatives. As governance provides the strategic direction for innovation, businesses will seek to maximize their returns from these initiatives. However, organizations will now need to include elements of risk management in their performance management activities. The blending of risk management with performance management provides organizations powerful insights. They can now measure and monitor performance to maximize shareholder value, while monitoring risk to ensure that returns are not diluted.

Standard & Poor’s, the world’s leading credit rating agency, believes that risk management is so crucial that an organization’s risk management practices must be taken into consideration before providing a credit rating. Risk management will need to become an integral part of the strategy and function as a catalyst to better performance. Organizations must realize that good governance should provide strategic direction to operations, and that performance should be measured after factoring known risks. This approach will literally shift compliance from an arduous, costly task, to a profitable competitive advantage.

The Evolving GRC Structure

As this paradigm shift occurs, a sea change will also occur within three key areas of an organization - people, processes and technology. The message from the boardroom needs to be that identifying, managing and controlling risks should be a part of every employee’s work culture. As an organization expands globally, its interactions with partners will also need to embrace these practices. While the availability of a global resource pool opens exciting possibilities, it presents additional governance and compliance issues that need to be identified and controlled. Business objectives can no longer focus on just maximizing returns. They need to identify and control risks that can prevent organizations from achieving these returns.

Your Technology Must be Nimble

Perhaps the greatest change will occur in how your technology infrastructure will need to adapt to this shift. Organizations today are investing in solutions on securing or protecting their technology infrastructure assets, which is good. But, Gartner predicts that by 2010, 80% of these initiatives will fail to deliver expected business results. The reason for this predicted failure is the lack of alignment between business objectives and GRC initiatives.

The change will be to have an Enterprise GRC framework that will link business objectives to any initiative to manage risk and compliance. The focus on business objectives will help identify critical business processes that are crucial to attaining these objectives. These processes can then be assessed for vulnerabilities and appropriate controls can be put in place. The focus on what is critical allows organizations to make judicial investments in risk management and compliance and therefore maximize the returns on their innovation strategies.

Conclusion

As the link between business objectives and managing risk and compliance becomes stronger, organizations will transform themselves into better corporate citizens and can leverage this transformation into enhancing their brand image and thus shareholder value.

Co-Create with C-Level Executive Consulting (CLEC)

CLEC’s co-creative approach to GRC can deliver successful results for you. Call 1(516)627-1877 or e-mail 

agalante@c-levelexecutiveconsulting.com to co-create with us on your next generation enterprise solution.