This tip is part of our Basel II risk management and implementation guide.
GRC is about organizational collaboration
Conversely, financial service firms now strive to develop a more integrated GRC strategy that permeates an organization's processes, decisions and culture. That change demands the sharing of information, assessments, metrics, risks, investigations and losses, all in an effort to reduce business uncertainty and produce predictable results.
This kind of "federated" GRC initiative involves a number of professional roles -- the corporate secretary, legal, credit risk, market risk, operational risk, audit, compliance, IT, ethics, corporate social responsibility, and finance. Initial success of a federated GRC program can be measured by the presence of the following characteristics:
- Sustainability. Financial service firms demand a sustainable process and infrastructure for GRC requirements that are becoming more sustained and onerous. Further, financial service firms must assess their risk and compliance management practices on a continuous basis; with the speed of business, point-in-time assessments are no longer good enough. The dynamic nature of the financial services industry demands that an organization address GRC collaboratively and continuously.
- Consistency. Financial service firms require that multiple roles in the organization work together in an integrated framework. This requires that a common framework be in place so the varying business functions in a financial services firm understand where they fit and how they can share data and collaborate. GRC is getting everyone to play their different positions (roles within the enterprise) from the same playbook. Consistency provides a holistic picture of GRC so that the financial services organization can draw attention to disasters and capture opportunities.
- Efficiency. Redundant assessments and audit processes that look for similar information for different purposes are preventing enterprises from getting business done. GRC aims to ease the burden on business areas by leveraging common processes, assessments and information.
- Transparency. Financial service firms require transparency across key performance and risk indicators to monitor organizational health, take advantage of opportunity and avert or mitigate disasters. Corporate performance management is tightly related to risk management. When done correctly, performance and risk management are two sides of the same coin.
Developing a GRC vision
Once the above-mentioned points are used to determine the basic operational effectiveness of a GRC program, it's time to turn the focus toward long-term strategic planning. Financial services firms face a complex array of risk and compliance demands. The complexity of risk and regulatory demands, as well as the nature of extended and global business, requires that financial service organizations reengineer how they approach silos of governance, risk, and compliance by leveraging processes and information across GRC-related business processes.
Developing a successful, long-term federated GRC program involves taking the following steps:
Ignoring a federated view of GRC in today's financial services environment results in business processes, partners, employees, and systems behaving like leaves blowing in the wind. Without a GRC strategy, different parts of the organization end up going in different directions in their respective GRC silos. This leads to wasted resources, inefficiency, a lack of transparency, and significant exposure to the organization. GRC aligns them to be more efficient and manageable. Inefficiencies, errors and potential risks can be identified, averted or contained. This reduces the risk exposure of the financial service firm and creates better business performance.
About the author:
Michael Rasmussen (firstname.lastname@example.org) is with Corporate Integrity, LLC. Michael is the authority in understanding governance, risk and compliance (GRC). He is a sought-after keynote speaker, author and collaborator on GRC issues around the world and is noted for being the first analyst to define and model the GRC market for technology and professional services. Corporate Integrity, LLC is a strategy & research advisory firm providing education, research and analysis on enterprise governance, risk management and compliance.
This was first published in May 2008