COMPLIANCE AND GOVERNANCE DIGEST

Key characteristics of a federated GRC strategy


Michael Rasmussen, Contributor
05.27.2008


GRC in the financial services industry


This tip is part of our Basel II risk management and implementation guide.

Governance, risk and compliance (GRC) are interrelated issues affecting financial service organizations. In the past, financial service firms have approached the areas of GRC as silos -- credit, market, operational, legal and regulatory risk -- each operating autonomously of the others.

GRC is about organizational collaboration
Today, by contrast, financial service firms strive to develop a more integrated GRC strategy that permeates the organization's processes, decisions and culture. That change demands the sharing of information, assessments, metrics, risks, investigations and losses, all in an effort to reduce business uncertainty and produce predictable results.

This kind of "federated" GRC initiative involves a number of professional roles -- the corporate secretary, legal, credit risk, market risk, operational risk, audit, compliance, IT, ethics, corporate social responsibility, and finance. Initial success of a federated GRC program can be measured by the presence of the following characteristics:

Developing a GRC vision
Once the above-mentioned points are used to determine the basic operational effectiveness of a GRC program, it's time to turn the focus toward long-term strategic planning. Financial services firms face a complex array of risk and compliance demands. The complexity of risk and regulatory demands, as well as the nature of extended and global business, require that financial service organizations reengineer how they approach silos of governance, risk, and compliance by leveraging processes and information across GRC related business processes.

Developing a successful, long-term federated GRC program involves taking the following steps:

  • Get executive sponsorship. Financial firms that try to build their GRC strategy from the "bowels" of the organization face continual struggles, typically in the form of internal political issues where GRC becomes a hydra with multiple heads going in different directions. It comes down to a matter of control as these different political heads vie for a leadership position in the GRC strategy. Executive sponsorship alleviates this by establishing a top-down direction. However, the bottom-up strategy still needs to be kept in perspective, as it is the people in the trenches that ultimately need to work in a consistent approach to GRC.

  • Define scope and roles. GRC is more than enterprise and/or operational risk. A successful GRC strategy within a financial firm is going to start conversations with all the stakeholders in GRC-related domains. Bringing these roles to a collaborative discussion and approach to GRC is what federation is about. A successful GRC strategy starts with defining the charter and vision for GRC and identifying the breadth of business processes and roles that will be incorporated into the GRC strategy.
  • Inventory current systems and processes. Getting the roles of GRC together leads to the next step of understanding how disparate GRC processes and systems have been implemented. Financial firms should undertake a detailed inventory of GRC-related processes, systems and technologies to identify where redundancy occurs and establish points of integration.
  • Build your roadmap. This means identifying short-term and long-term action plans. In the short term, focus on easy wins to show the value of GRC, as well as pressing GRC issues that the organization is up against (e.g., Basel II, Solvency II, MiFID). For the long term, develop a plan to integrate the siloed areas of GRC that are not as pressing, such as Sarbanes-Oxley or operational risk.

Conclusion
Ignoring a federated view of GRC in today's financial services environment results in business processes, partners, employees, and systems behaving like leaves blowing in the wind. Without a GRC strategy, different parts of the organization end up going in different directions in their respective GRC silos. This leads to wasted resources, inefficiency, a lack of transparency, and significant exposure to the organization. GRC aligns them to be more efficient and manageable. Inefficiencies, errors and potential risks can be identified, averted or contained. This reduces the risk exposure of the financial service firm and creates better business performance.

About the author:
Michael Rasmussen (mrasmussen@corp-integrity.com) is with Corporate Integrity, LLC. Michael is the authority in understanding governance, risk and compliance (GRC). He is a sought-after keynote speaker, author and collaborator on GRC issues around the world and is noted for being the first analyst to define and model the GRC market for technology and professional services. Corporate Integrity, LLC is a strategy & research advisory firm providing education, research and analysis on enterprise governance, risk management and compliance.