The document discusses establishing a governance, risk, and compliance (GRC) framework for sustainable businesses. It addresses how GRC covers governance at the board and executive level, risk management processes like risk identification and quantification, and compliance with laws and regulations. The presentation recommends developing a sustainable business-centered GRC strategy, having consistent controls frameworks, and ensuring compliance is fully embedded in business processes. It also notes major shifts requiring compliance programs to operate at a higher level, with implications like increased costs and litigation risks.

1. SS
Ten Slides in Ten Minutes:
Company Realities – Governance, Risk & Compliance
[Capturing the Hearts and Minds of Prospects & Clients]
Presented by:
Bill Graham APM.APMP
bill.graham@sales-synthesis.co.za
December, 2013
1

2. Sustainable Business Issues
• Governance
• Risk
• Legislative
• Security:
o Internal
o External
o Physical
2

3. Establishment of a Sustainable Business centric GRC Framework
Governance describes the overall management approach through which
senior executives direct and control the entire organisation. Governance
activities ensure that critical management information reaching the executive
team is sufficiently complete, accurate and timely to enable appropriate
management decision making and actions
Risk Management is the set of processes through which management
identifies, analyses, and, where necessary, responds appropriately to risks
that might adversely affect realisation of the organisation's business
objectives
Compliance means conforming with stated requirements through
management processes that identify the applicable requirements (e.g. laws,
regulations, contracts, strategies and policies) and prioritise, fund and initiate
any corrective actions deemed necessary.
Source: Various
3

4. Establishment of a Sustainable Business centric GRC Framework
Some companies use independent 3rd parties to undertake a first-level framework definition
G
R
Source: Various
C
4

5. Establishment of a Sustainable Business centric GRC Framework
Governance
Board Level
• Regulations establish board responsibilities
Executive
Management
• Ensure that the strategies support business aspirations
Governance is not a spectator sport
Leadership
Structure
• Delivery of value to the business
• Mitigation of identified risks
Processes
Source: Sales Synthesis
5

6. Establishment of a Sustainable Business centric GRC Framework
Risk Management
Risk Propensity
Reporting
Risk ID & Quantify
Compliance
Statutory
$
economic
Social
Environs
P()
Fragility Analysis
Source: Melrose Atteridge
Action
GRC Frameworks are well documented and supported
6

7. Establishment of a Sustainable Business centric GRC Framework
Compliance
Major Shifts in the Global Compliance Landscape:
• Standards bodies are tightening enforcement
• International breach notification laws
• More regulations = more (prescriptive) rules
• “Check list” approach not working any more
• Increased costs and risk i.e. litigation for compromised data; brand reputation
• More transparency = greater consequences
• Compliance is being forced to the “next level”
• Compliance is now a management issue
Source: Consult to Comply
GRC Frameworks are well documented and supported
7

8. Establishment of a Sustainable Business centric GRC Framework
Compliance
Compliance at the Next Level:
• Have you developed a sustainable business-centric compliance strategy?
• Do you have a consistent controls framework?
• Do you have the appropriate level of controls specific to your business?
• Can you easily articulate and defend your controls to auditors?
• Can you produce multiple reports for different purposes?
• Can you reduce repetitive manual tasks and redundant controls?
• Is compliance fully embedded in your business process?
• Are you prepared for the next round of upcoming regulations?
Source: Consult to Comply
GRC Frameworks are well documented and supported
8

9. Compliance Mapping
Risk Propensity
Reporting
Risk ID & Quantify
Compliance
Statutory
$
Compliance
Mapping
economic
Social
Environs
P()
Fragility Analysis
GRC Frameworks
Source: Melrose Atteridge & Consult to Comply
Action
are well documented and supported
9

10. The Governance, Risk & Compliance (GRC) Landscape
GRC permeates across the Business - an example of IT GRC
Source: Unknown
10