GOVERNANCE, RISK & COMPLIANCE




MetricStream Insights

The Unexpected Benefits of a Unified Approach to Governance, Risk, and Compliance (GRC)
By: Charles Goldenberg, VP GRC Solutions



INTRODUCTION
Stringent corporate governance and accountability reforms that followed the corporate failures of the past have dramatically changed today's business environment - placing great responsibility on management and demanding seamless operations. Organizations across the globe are constantly being challenged to navigate through a proliferation of new standards and expectations in a way that supports performance objectives, sustains value, and protects the organization's brand. Whether we like it or not, all corporations have to comply with regulations and at the same time establish their credibility with investors, other stakeholders, and the broader public. All these factors, brought together, have fuelled the convergence of the distinct, yet entwined, disciplines of Governance, Risk, and Compliance (GRC).

On March 4, 2008, MetricStream Inc. along with NASDAQ conducted a web seminar titled ‘The Unexpected Benefits of a Unified Approach to Governance, Risk, and Compliance (GRC)’, hosted by Mike Oxley, Vice Chairman NASDAQ, myself and other eminent speakers - Jonathan Barr, Partner, Baker Hostetler; Ken Denman, Chairman and CEO, iPass Inc; and Scott Mitchell, Chairman and CEO, The Open Compliance and Ethics Group. I had the privilege to be one of the speakers along with Mike Oxley, the former Congressman and co-creator of the SOX mandate. As always, one of the best parts of the webinar was meeting fellow GRC professionals - exchanging ideas, and presenting new tools and resources to support the critical business functions of Governance, Risk, and Compliance Management. Our discussion focused on the unexpected benefits of a unified approach to GRC - providing a fresh perspective on the GRC processes and the resulting benefits.

MetricStream Inc. and NASDAQ jointly organized a web seminar on March 4, 2008. The event brought together a panel of experts committed to developing and using a holistic approach that addresses challenges in corporate governance, risk management, and compliance. The theme of the seminar was ‘The Unexpected Benefits of a Unified Approach to Governance, Risk, and Compliance (GRC)’. Participants had the opportunity to attend interactive sessions and discuss how following a unified approach not only helps mitigate corporate risk but also accrues unexpected benefits to the organization. It takes a detailed look at unified Governance, Risk and Compliance (GRC) – a discipline becoming increasingly important to enterprises around the globe; and proceeds to discuss the emerging perception of GRC as an integrated set of concepts that, when applied holistically within an organization, can add significant value and provide competitive advantage.

You can access the archived session at http://www.shareholder.com/NDQCCG/MediaRegister.cfm?MediaID=30003
Mike Oxley, while hosting the webinar, initiated the discussion. He noted, "GRC is an increasingly recognized term that reflects the new ways organizations focus on an integrated approach to the three areas of Governance, Risk, and Compliance. GRC was brought into focus in 2002 by the introduction of SOX and regulatory measures including NASDAQ’s listing standards. This created an environment of transparency and accountability; and the investors’ confidence began to restore. Companies began to realize that taking a singular approach to these approaches is quite expensive. Taking a unified risk based approach to GRC allows corporations to identify priorities, and rightly allocate resources, to highly important risk topics. By putting a unified structure in place to manage GRC, companies can streamline business process, gain better visibility in operations, and make better decisions more quickly; resulting in a more secured and controlled environment."

Most GRC initiatives have been driven by the need to maintain organizational agility while adhering to highly rigid and ever-increasing compliance mandates. In the last three years, there have been more than 14,000 new regulations issued by the U.S. government - reaching across the entire spectrum of business operation activities. The most commonly cited regulations include Sarbanes-Oxley (SOX), OSHA, ISO, FCPA, AML, Patriot Act, ITAR, and NASDAQ Rules. The demand for compliance doesn’t stop there. In addition to external regulatory compliance, an effective compliance program must also address internal compliance needs such as management of financial risk related to capital allocation, market, and insurance, as well as needs related to HR policies, product quality standards, health and safety regulations, IT governance, and best practices. Meeting both internal and external compliance standards has become a multimillion dollar challenge at many companies. It's estimated that companies will spend more than $31B on GRC in 2008, according to AMR Research. Ken Denman held that, “Compliance failure can directly erode value – translating into reductions in EBITDA and market capitalization.” Jonathan R. Barr held the same view. He cited the example of Titan Corporation as evidence of the far-reaching consequences of non-compliance. He noted, “Take the example of Titan Corporation. It engaged in FCPA violations during the period of 1999 to 2001, and was cited by FCPA official as, ‘a poster child of how to not have an FCPA compliance program’. In 2005, Titan pled guilty to three felonies. It paid $28.5 million in penalties and fines and as a condition of probation had to institute a strict compliance program in internal controls to prevent future FCPA violations. And as a result, Lockheed Martin Corporation backed away from planned acquisition of Titan. We should all agree with these devastating results for Titan and people at Titan to made carrier decisions not in an institute on an effective compliance program."

Due to the high costs of compliance, organizations are now increasingly demanding more from their compliance approaches. In particular, they want to replace siloed solutions that address individual compliance issues with a more holistic approach - an approach that can support myriad Governance, Risk Management, and Compliance mandates and better align with business objectives. Ken Denman pointed out that a siloed approach potentially increases the overall business risk for organizations – resulting in a proliferation of inconsistent documents, emails, and spreadsheets, which often results in errors, duplicity and redundancy. These factors often cause costs to spiral out of control. For this reason the concept of a cross-functional convergence of these activities represents a progressive approach, and is quickly replacing the traditional fragmented or silo mentality. This approach aims to unify the management of "Governance", "Risk" and "Compliance" and optimize these activities in order to help overcome the problems caused by business fragmentation and disjointed approaches.

Discussing the scope of the GRC department for an organization, Mitchell held, "The Governance, risk and compliance department is often labeled as the department of NO – always telling people what not to do. Our response to such criticism is that the fastest cars need the best brakes. You actually design brakes to moderate speed in the direction of the vehicle. These aspects of the vehicle are engineered right there, built into the way the vehicle functions. Very similarly if we think about the organization, we need to think about how we can build a GRC model, and engineer into the business to get maximum impact from those processes cost-effectively."

SO WHAT ARE THESE BRAKES, WHAT ARE THESE GRC PROCESSES?
GRC processes are the organization’s practices and the various roles that top management and the rest of the organization play in relation to oversight, strategy, risk management, and strategy execution regarding compliance with laws and regulations, and internal policies and procedures. These processes identify and prioritize compliance-related risks that need to be managed and controlled, set an ethical "tone at the top" to pervade the entire organization, and support the necessary structural changes. Further, they address issues of corporate governance and strengthen stakeholder relations through more timely and transparent reporting. There is no single recipe for a GRC model; each company is pursuing its own tailor-made approach to follow GRC practices and processes. According to Mitchell, “Much of risk and complexity, which we face, can be addressed using a harmonized approach to governance, risk and compliance. We follow the process called GRC – Backbone, and it has a foundation of People, Process, and Technology to serve each and every customer”. An effective GRC program begins with dual commitments from people: one from management to build a culture of compliance and the other from individuals to honor this culture and conduct business accordingly. From there, management examines the internal and external compliance requirements, ties them to specific policies, and creates controls to help ensure processes adhere to these policies. Technology helps them achieve these objectives further. When properly implemented, technology can automate and streamline the controls and processes needed to achieve overall compliance and efficiency.

At MetricStream, we have developed a GRC balanced scorecard which assesses the specific areas where our clients can and should be achieving benefits from the GRC program. We first consider GRC objectives - driving shareholder value, lowering inherent business risks, and building compliance culture. Next up in the operational segment of the scorecard is lowering the cost of compliance, then enhancing customer satisfaction, and then reducing the business risks.

At MetricStream, we believe that the first step towards GRC implementation includes the introduction of a closed-loop remediation process. As the organization starts looking at the issues related to Governance, risk and compliance, it starts inducing a self-healing effect – creating an environment with ensured compliance, reduced risks, and trimmed expenditures. This further leads to reduced residual and inherent risks - making it much easier to achieve the desired level of risk that the organization wants to operate with. As GRC processes are efficiently engrained across the entire value chain, there is a decline in incurred IT costs. Finally there is a move towards creating a compliance culture and increasing corporate social responsibility, a notion of being a compliance first mover. As the compliance culture takes root, it ensues in the final step in terms of how risk can be cost-effectively moderated in the organization.


IMPLEMENTING GRC PROCESSES: ROADMAP TO BETTER BUSINESS PERFORMANCE
Today, we are at an important crossroads. Given the significant investments companies have made in building GRC practices and technologies, we frequently ponder an important question: How can we leverage GRC programs to realize business value? How can our clients get a return on investment for their GRC programs? Long-term success requires that integrated and comprehensive GRC be mandated by the board of directors, driven by senior management, and executed across all levels of the company. Jonathan Barr holds that an effective compliance program starts with “The Tone at the Top” - it is important to set the tone at the top by ensuring institutional support for a well designed GRC process. One example is hiring a chief GRC officer who drives the systematic adoption of GRC across the organization based on a gap analysis, demonstrating the extent of unmitigated business risk and prioritizing next steps.

In a survey by PricewaterhouseCoopers [1], 64% of the CEOs from various organizations credited GRC with having a major, positive impact on legal liabilities, and 56% on reputation and brand. One third of the CEOs felt that GRC had a major impact on their relationships with ratings agencies, financial performance, operational efficiency, and relationships with business partners.

While listing the critical success factors, Mitchell said, "First step is to think big and start small. You can take two or three silos and apply these ideas right away; expect 30 to 50% savings in costs as you apply these ideas. Next, make sure that these groups speak the same language while talking about risk and response to risk, synchronizing with the existing rhythm of business and processes. And finally think about how you can embed GRC with your business." Further, the real business value comes from leveraging GRC as a proactive management instrument – not just in terms of avoiding the costs of noncompliance, but in terms of creating value, and driving revenue and competitive advantage. There is a growing array of automated tools, strategies and approaches, which can be used to leverage GRC initiatives within an enterprise. For instance, tools like corporate risk database, enterprise risk calculator, risk analytics, risk heat maps, reporting and visualization, central GRC repository, threshold-based notifications and reminders, and program dashboards promote business viability by unifying corporate strategy, control initiatives, opportunity discovery, and loss mitigation across the enterprise.

CONCLUSION
A unified GRC framework lays down a strategic and comprehensive approach for successful business management - providing transparency and efficiency across the enterprise. Most innovative companies today are stepping up to face the challenges of managing GRC in a holistic and strategic manner. GRC experts anticipate that, “in coming years, firms will establish risk and compliance architectures, develop risk intelligence, and implement GRC platforms, along with centralized communication and training on corporate policies and procedures. Further, there will be a continued evolution of the enterprise role that is responsible for managing GRC". Most organizations have recognized the need, have deepened their GRC domain expertise, and are investing in automated solutions that will enable them to achieve the goal of managing GRC with confidence. These solutions work together to automate end-to-end GRC activities, including corporate governance and oversight; risk management; control testing and remediation case management; and user access and authorization.

The collective opinion was that, by embarking on a unified GRC strategy, you can proactively achieve significant returns on your investment. It not only helps ensure good governance and compliance, but also reduces the effort involved, so that people can focus more on the business.

REFERENCES
[1] 8th Annual Global CEO Survey - Bold Ambitions, Careful Choices, PricewaterhouseCoopers. http://www.pwc.com/extweb/pwcpublications.nsf/docid/7cdcff226463d29e85256fd9006ade69

ABOUT METRICSTREAM
MetricStream is a market leader in Enterprise-wide Governance, Risk, Compliance (GRC) and Quality Solutions for global corporations. MetricStream solutions are used by leading corporations such as Pfizer, Philips, American Airlines, NASDAQ, Hitachi, Aurobindo Pharma, Sandisk, BP, Entergy, Subway, Fairchild Semiconductor, and TaylorMade-Adidas Golf in diverse industries such as Pharmaceuticals, Medical Devices, Automotive, Food, High Tech Manufacturing, Energy and Financial Services to manage their quality processes, regulatory and industry-mandated compliance and corporate governance initiatives, as well as by over a million compliance professionals worldwide via the ComplianceOnline.com portal.

MetricStream
www.metricstream.com | info@metricstream.com

© Copyright 2007, MetricStream, Inc. All rights reserved.

Discussion1Explaining the results of Efficient Frontier Analysis.docxDiscussion1Explaining the results of Efficient Frontier Analysis.docx
Discussion1Explaining the results of Efficient Frontier Analysis.docxmadlynplamondon
 

Similar a The Unexpected Benefits of a Unified Approach to Governance, Risk, and Compliance (GRC) (20)

Good governance is key in tenders
Good governance is key in tendersGood governance is key in tenders
Good governance is key in tenders
 
Governance, Risk and Compliance- Energy Industry
Governance, Risk and Compliance- Energy Industry Governance, Risk and Compliance- Energy Industry
Governance, Risk and Compliance- Energy Industry
 
Descriptor MetisGRC
Descriptor MetisGRCDescriptor MetisGRC
Descriptor MetisGRC
 
Financial organization-orm
Financial organization-ormFinancial organization-orm
Financial organization-orm
 
13 Top GRC Tools for an Integrated Governance, Risk and Compliance Strategy
13 Top GRC Tools for an Integrated Governance, Risk and Compliance Strategy13 Top GRC Tools for an Integrated Governance, Risk and Compliance Strategy
13 Top GRC Tools for an Integrated Governance, Risk and Compliance Strategy
 
A Financial Planning Leader Streamlines Audit, Risk and Compliance
A Financial Planning Leader Streamlines Audit, Risk and Compliance A Financial Planning Leader Streamlines Audit, Risk and Compliance
A Financial Planning Leader Streamlines Audit, Risk and Compliance
 
Governance and risk in information technology.pdf
Governance and risk in information technology.pdfGovernance and risk in information technology.pdf
Governance and risk in information technology.pdf
 
The 2010 Governance Risk & Compliance Summit
The 2010 Governance Risk & Compliance SummitThe 2010 Governance Risk & Compliance Summit
The 2010 Governance Risk & Compliance Summit
 
Trends shaping the future of legal risk management by dave cunningham and m...
Trends shaping the future of legal risk management   by dave cunningham and m...Trends shaping the future of legal risk management   by dave cunningham and m...
Trends shaping the future of legal risk management by dave cunningham and m...
 
Collaborative Outsourcing
Collaborative OutsourcingCollaborative Outsourcing
Collaborative Outsourcing
 
Risk management for law firms chapter 1 ark 2009 by dave cunningham
Risk management for law firms   chapter 1 ark 2009 by dave cunninghamRisk management for law firms   chapter 1 ark 2009 by dave cunningham
Risk management for law firms chapter 1 ark 2009 by dave cunningham
 
GRC_Strategic_Agenda__The_Value_Proposition_of_Goverance,_Risk,_and_Compliance__
GRC_Strategic_Agenda__The_Value_Proposition_of_Goverance,_Risk,_and_Compliance__GRC_Strategic_Agenda__The_Value_Proposition_of_Goverance,_Risk,_and_Compliance__
GRC_Strategic_Agenda__The_Value_Proposition_of_Goverance,_Risk,_and_Compliance__
 
GRC_Strategic_Agenda__The_Value_Proposition_of_Goverance,_Risk,_and_Compliance__
GRC_Strategic_Agenda__The_Value_Proposition_of_Goverance,_Risk,_and_Compliance__GRC_Strategic_Agenda__The_Value_Proposition_of_Goverance,_Risk,_and_Compliance__
GRC_Strategic_Agenda__The_Value_Proposition_of_Goverance,_Risk,_and_Compliance__
 
2017 coso-erm-integrating-with-strategy-and-performance-executive-summary
2017 coso-erm-integrating-with-strategy-and-performance-executive-summary2017 coso-erm-integrating-with-strategy-and-performance-executive-summary
2017 coso-erm-integrating-with-strategy-and-performance-executive-summary
 
BPF Integrated Value Creation Report Out V Posted
BPF Integrated Value Creation Report Out V PostedBPF Integrated Value Creation Report Out V Posted
BPF Integrated Value Creation Report Out V Posted
 
Integrating Enterprise Risk Management (ERM) with Organizational Strategy
Integrating Enterprise Risk Management (ERM) with Organizational StrategyIntegrating Enterprise Risk Management (ERM) with Organizational Strategy
Integrating Enterprise Risk Management (ERM) with Organizational Strategy
 
GRC_AStepaheadtomeetgrowingStakeholderExpectations.pptx
GRC_AStepaheadtomeetgrowingStakeholderExpectations.pptxGRC_AStepaheadtomeetgrowingStakeholderExpectations.pptx
GRC_AStepaheadtomeetgrowingStakeholderExpectations.pptx
 
B ackroyd
B ackroydB ackroyd
B ackroyd
 
Common Objectives of the CRO and the CAE
Common Objectives of the CRO and the CAECommon Objectives of the CRO and the CAE
Common Objectives of the CRO and the CAE
 
Discussion1Explaining the results of Efficient Frontier Analysis.docx
Discussion1Explaining the results of Efficient Frontier Analysis.docxDiscussion1Explaining the results of Efficient Frontier Analysis.docx
Discussion1Explaining the results of Efficient Frontier Analysis.docx
 

Más de Enterprise Technology Management (ETM)

Implementation Brief Active Endpoints’ ActiveVOS BPMS - ENABLING DYNAMIC GROWTH
Implementation Brief Active Endpoints’ ActiveVOS BPMS - ENABLING DYNAMIC GROWTHImplementation Brief Active Endpoints’ ActiveVOS BPMS - ENABLING DYNAMIC GROWTH
Implementation Brief Active Endpoints’ ActiveVOS BPMS - ENABLING DYNAMIC GROWTHEnterprise Technology Management (ETM)
 
Microsoft: Financial Exchange Speeds Development and Audit Reviews by 20 Percent
Microsoft: Financial Exchange Speeds Development and Audit Reviews by 20 PercentMicrosoft: Financial Exchange Speeds Development and Audit Reviews by 20 Percent
Microsoft: Financial Exchange Speeds Development and Audit Reviews by 20 PercentEnterprise Technology Management (ETM)
 

Más de Enterprise Technology Management (ETM) (19)

IMPROVING ORDER-TO-CASH CYCLE.
IMPROVING ORDER-TO-CASH CYCLE.IMPROVING ORDER-TO-CASH CYCLE.
IMPROVING ORDER-TO-CASH CYCLE.
 
The future of Finance
The future of FinanceThe future of Finance
The future of Finance
 
.The Complete Guide to Log and Event Management
.The Complete Guide to Log and Event Management.The Complete Guide to Log and Event Management
.The Complete Guide to Log and Event Management
 
Optimizing the Cloud Infrastructure for Enterprise Applications
Optimizing the Cloud Infrastructure for Enterprise ApplicationsOptimizing the Cloud Infrastructure for Enterprise Applications
Optimizing the Cloud Infrastructure for Enterprise Applications
 
Managing The Virtualized Enterprise New Technology, New Challenges
Managing The Virtualized Enterprise New Technology, New ChallengesManaging The Virtualized Enterprise New Technology, New Challenges
Managing The Virtualized Enterprise New Technology, New Challenges
 
Leveraging Log Management to provide business value
Leveraging Log Management to provide business valueLeveraging Log Management to provide business value
Leveraging Log Management to provide business value
 
The Top Ten Insider Threats And How To Prevent Them
The Top Ten Insider Threats And How To Prevent ThemThe Top Ten Insider Threats And How To Prevent Them
The Top Ten Insider Threats And How To Prevent Them
 
Content Aware SIEM™ defined
Content Aware SIEM™ definedContent Aware SIEM™ defined
Content Aware SIEM™ defined
 
Is Outsourcing Right for You?
Is Outsourcing Right for You?Is Outsourcing Right for You?
Is Outsourcing Right for You?
 
Implementation Brief Active Endpoints’ ActiveVOS BPMS - ENABLING DYNAMIC GROWTH
Implementation Brief Active Endpoints’ ActiveVOS BPMS - ENABLING DYNAMIC GROWTHImplementation Brief Active Endpoints’ ActiveVOS BPMS - ENABLING DYNAMIC GROWTH
Implementation Brief Active Endpoints’ ActiveVOS BPMS - ENABLING DYNAMIC GROWTH
 
Whitepaper- Real World Search
Whitepaper-  Real World SearchWhitepaper-  Real World Search
Whitepaper- Real World Search
 
Liwp consider opensource2010
Liwp consider opensource2010Liwp consider opensource2010
Liwp consider opensource2010
 
Ibm social commerce_whitepaper
Ibm social commerce_whitepaperIbm social commerce_whitepaper
Ibm social commerce_whitepaper
 
Cloud view platform-highlights-web3
Cloud view platform-highlights-web3Cloud view platform-highlights-web3
Cloud view platform-highlights-web3
 
10 obvious statements about software configuration and change
10 obvious statements about software configuration and change10 obvious statements about software configuration and change
10 obvious statements about software configuration and change
 
Don't let wireless_detour_your_pci_compliance
Don't let wireless_detour_your_pci_complianceDon't let wireless_detour_your_pci_compliance
Don't let wireless_detour_your_pci_compliance
 
Qradar Business Case
Qradar Business CaseQradar Business Case
Qradar Business Case
 
Microsoft: Financial Exchange Speeds Development and Audit Reviews by 20 Percent
Microsoft: Financial Exchange Speeds Development and Audit Reviews by 20 PercentMicrosoft: Financial Exchange Speeds Development and Audit Reviews by 20 Percent
Microsoft: Financial Exchange Speeds Development and Audit Reviews by 20 Percent
 
Kickfire: Best Of All Worlds
Kickfire: Best Of All WorldsKickfire: Best Of All Worlds
Kickfire: Best Of All Worlds
 

Último

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024The Digital Insurer
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 

Último (20)

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 

The Unexpected Benefits of a Unified Approach to Governance, Risk, and Compliance (GRC)

  • 1. GOVERNANCE, RISK & COMPLIANCE. MetricStream Insights. The Unexpected Benefits of a Unified Approach to Governance, Risk, and Compliance (GRC). By: Charles Goldenberg, VP GRC Solutions

INTRODUCTION

Stringent corporate governance and accountability reforms that followed the corporate failures of the past have dramatically changed today's business environment - placing great responsibility on the management and demanding seamless operations. Organizations across the globe are constantly being challenged to navigate through a proliferation of new standards and expectations in a way that supports performance objectives, sustains value, and protects the organization's brand. Whether we like it or not, all corporations have to comply with regulations and at the same time establish their credibility with investors, other stakeholders, and the broader public. All these factors, brought together, have fuelled the convergence of the distinct, yet entwined disciplines of Governance, Risk, and Compliance (GRC).

On March 4, 2008, MetricStream Inc. along with NASDAQ conducted a web seminar, titled ‘The Unexpected Benefits of a Unified Approach to Governance, Risk, and Compliance (GRC)’, hosted by Mike Oxley, Vice Chairman NASDAQ, myself and other eminent speakers - Jonathan Barr, Partner, Baker Hostetler; Ken Denman, Chairman and CEO, iPass Inc; and Scott Mitchell, Chairman and CEO, The Open Compliance and Ethics Group. I had the privilege to be one of the speakers along with Mike Oxley, the former Congressman and co-creator of the SOX mandate. As always, one of the best parts of the webinar was meeting fellow GRC professionals - exchanging ideas, and presenting new tools and resources to support the critical business functions of Governance, Risk, and Compliance Management. Our discussion focused on the unexpected benefits of a unified approach to GRC - providing fresh perspective into the GRC processes, and the resulting benefits.

Sidebar: MetricStream Inc. and NASDAQ jointly organized a web seminar on March 4, 2008. The event brought together a panel of experts committed to developing and using a holistic approach that addresses challenges in corporate governance, risk management, and compliance. The theme of the seminar is ‘The Unexpected Benefits of a Unified Approach to Governance, Risk, and Compliance (GRC)’. Participants had the opportunity to attend interactive sessions and discuss how following a unified approach not only helps mitigate corporate risk but also accrues unexpected benefits to the organization. It takes a detailed look at unified Governance, Risk and Compliance (GRC) – a discipline becoming increasingly important to enterprises around the globe; and proceeds to discuss the emerging perception of GRC as an integrated set of concepts that, when applied holistically within an organization, can add significant value and provide competitive advantage.

You can access the archived session at http://www.shareholder.com/NDQCCG/MediaRegister.cfm?MediaID=30003
  • 2. Mike Oxley, while hosting the webinar, initiated the discussion. He noted, "GRC is an increasingly recognized term that reflects the new ways organizations focus on integrated approach to the three areas of Governance, Risk, and Compliance. GRC was brought into focus in 2002 by the introduction of SOX and regulatory measures including NASDAQ’s listing standards. This created an environment of transparency and accountability; and the investors’ confidence began to restore. Companies began to realize that taking a singular approach to these approaches is quite expensive. Taking a unified risk based approach to GRC allows corporation to identify priorities, and rightly allocate resources, to highly important risk topics. By putting a unified structure in place to manage GRC, companies can streamline business process, gain better visibility in operations, and make better decisions more quickly; resulting in more secured and controlled environment."

Most of the GRC initiatives have been driven by the need to maintain organizational agility while adhering to highly rigid and ever-increasing compliance mandates. In the last three years, there have been more than 14,000 new regulations issued by the U.S. government - reaching across the entire spectrum of business operation activities. The most commonly cited regulations include Sarbanes-Oxley (SOX), OSHA, ISO, FCPA, AML, Patriot Act, ITAR, and NASDAQ Rules. The demand for compliance doesn’t stop there. In addition to external regulatory compliance, an effective compliance program must also address internal compliance needs such as management of financial risk related to capital allocation, market, and insurance, as well as needs related to HR policies, product quality standards, health and safety regulations, IT governance, and best practices. Meeting both internal and external compliance standards has become a multimillion dollar challenge at many companies. It's estimated that companies will spend more than $31B on GRC in 2008, according to AMR Research. Ken Denman held that, "Compliance failure can directly erode value – translating into reductions in EBITDA and market capitalization.” Jonathan R. Barr held the same view. He cited the example of Titan Corporation as evidence of the far-reaching consequences of non-compliance. He noted, “Take the example of Titan Corporation. It engaged in FCPA violations during the period of 1999 to 2001, and was cited by FCPA official as, “a poster child of how to not have an FCPA compliance program”. In 2005, Titan pled guilty to three felonies. It paid $28.5 million in penalties and fines and as a condition of probation had to institute a strict compliance program in internal controls to prevent future FCPA violations. And as a result, Lockheed Martin Corporation backed away from planned acquisition of Titan. We should all agree with these devastating results for Titan and people at Titan to made carrier decisions not in an institute on an effective compliance program."

Due to the high costs of compliance, organizations are now increasingly demanding more from their compliance approaches. In particular, they want to replace siloed solutions that address individual compliance issues with a more holistic approach: an approach that can support myriad Governance, Risk Management, and Compliance mandates and better align with business objectives. Ken Denman pointed out that a siloed approach potentially increases the overall business risk for organizations – resulting in a proliferation of inconsistent documents, emails, and spreadsheets, which often results in errors, duplicity and redundancy. These factors often cause costs to spiral out of control. For this reason the concept of a cross-functional convergence of these activities represents a progressive approach, and is quickly replacing the traditional fragmented or silo mentality. This approach aims to unify the management of "Governance", "Risk" and "Compliance" and optimize these activities in order to help overcome the problems caused by business fragmentation and disjointed approaches.

Discussing the scope of the GRC department for an organization, Mitchell held, "The Governance, risk and compliance department is often labeled as the department of NO – always telling people what not to do. Our response to such criticism is that fastest cars need the best brakes. You actually design brakes to moderate speed in the direction of vehicle. These aspects of the vehicle are engineered right there, build in to the way the vehicle functions. Very similarly if we think about the organization, we need to think about how we can build a GRC model, and engineer into the business to get maximum impact from those processes cost-effectively."

SO WHAT ARE THESE BRAKES, WHAT ARE THESE GRC PROCESSES?

GRC processes are the organization’s practices and the various roles that top management and the rest of the organization play in relation to oversight, strategy, risk management, and strategy execution regarding compliance with laws and regulations, and internal policies and procedures. These processes identify and prioritize compliance-related risks that need to be managed and controlled, set an ethical "tone at the top" to pervade the entire organization, and support the necessary structural changes. Further it addresses issues of corporate governance and
  • 3. strengthens stakeholder relations through more timely and transparent reporting.

There is no single recipe for a GRC model; each company is pursuing its own tailor-made approach to follow GRC practices and processes. According to Mitchell, “Much of risk and complexity, which we face, can be addressed using a harmonized approach to governance, risk and compliance. We follow the process called GRC – Backbone, and it has a foundation of People, Process, and Technology to serve each and every customer”. An effective GRC program begins with dual commitments from people: one from management to build a culture of compliance and the other from individuals to honor this culture and conduct business accordingly. From there, management examines the internal and external compliance requirements, ties them to specific policies, and creates controls to help ensure processes adhere to these policies. Technology helps them achieve these objectives further. When properly implemented, technology can automate and streamline the controls and processes needed to achieve overall compliance and efficiency.

At MetricStream, we have developed a GRC balanced scorecard which assesses the specific areas where our clients can and should be achieving benefits from the GRC program. We first consider GRC objectives - driving shareholder value, lowering inherent business risks, and building compliance culture. Next up in the operational segment of the scorecard is lowering the cost of compliance, then enhancing customer satisfaction, and then reducing the business risks.

IMPLEMENTING GRC PROCESSES: ROADMAP TO BETTER BUSINESS PERFORMANCE

Today, we are at an important crossway. Given the significant investments companies have made in building GRC practices and technologies, we frequently ponder an important question: How can we leverage GRC programs to realize business value? How can our clients get a return on investment for their GRC programs? Long-term success requires that integrated and comprehensive GRC be mandated by the board of directors, driven by senior management, and executed across all levels of the company. Jonathan Barr holds that an effective compliance program starts with “The Tone at the Top”: it is important to set the tone at the top by ensuring institutional support for a well designed GRC process. For instance, hiring a chief GRC officer who drives the systematic adoption of GRC across the organization based on a gap analysis, demonstrating the extent of unmitigated business risk and prioritizing next steps.

At MetricStream, we believe that the first step towards GRC implementation includes the introduction of a closed-loop remediation process. As the organization starts looking at the issues related to Governance, risk and compliance, it starts inducing a self healing effect – creating an environment with ensured compliance, reduced risks, and trimmed expenditures. This further leads to reduced residual and inherent risks - making it much easier to achieve the desired level of risk that the organization wants to operate with. As GRC processes are efficiently engrained across the entire value chain, there is a decline in incurred IT costs. Finally there is a move towards creating a compliance culture and increasing corporate social responsibility, a notion of being a compliance first mover. As the compliance culture takes root, it ensues in the final step in terms of how risk can be cost-effectively moderated in the organization.

Sidebar: In a survey by PricewaterhouseCoopers [1], 64% of the CEOs from various organizations accredited GRC for having a major, positive impact on legal liabilities, and 56% for reputation and brand. One third of the CEOs felt that GRC had a major impact on their relationships with ratings agencies, financial performance, operational efficiency, and relationships with business partners.
  • 4. While listing the critical success factors, Mitchell, said, "First step REFERENCES is to think big and start small. You can take two or three silos and 8th Annual Global CEO Survey- Bold Ambitions, Careful Choices apply these ideas right away; expect 30 to 50% savings in costs by PRICEWATERHOUSECOOPERS as you apply these ideas. Next, make sure is that these groups http://www.pwc.com/extweb/pwcpublications.nsf/docid/ speak the same language while talking about risk and response to 7cdcff226463d29e85256fd9006ade69 risk, synchronizing with the existing rhythm of business and processes. And finally think about how you can embed GRC with your business" Further, the real business value comes from leveraging GRC as a proactive management instrument – not just in terms of avoiding the costs of noncompliance, but in terms of creating value, and driving revenue and competitive advantage. There is a growing array of automated tools, strategies and approaches, which can be used to leverage GRC initiatives within an enterprise. For instance, tools like corporate risk database, enterprise risk calculator, risk analytics, risk heat maps, reporting and visualization, central GRC repository, threshold-based notifica- tions and reminders, and program dashboards promote business viability by unifying corporate strategy, control initiatives, opportu- nity discovery, and loss mitigation across the enterprise. CONCLUSION A unified GRC framework lays down the strategic and comprehen- sive approach for successful business management - providing transparency and efficiency across the enterprise. Most innova- tive companies, today, are stepping up to face the challenges of managing GRC in a holistic and strategic manner. GRC experts anticipate that, “in coming years, firms will establish risk and compliance architectures, develop risk intelligence, and implement GRC platforms, along with centralized communication and training on corporate policies and procedures. 
Further, there will be a ABOUT METRICSTREAM continued evolution of the enterprise role that is responsible for MetricStream is a market leader in Enterprise-wide Gover- managing GRC".. Most organizations have recognized the need, nance, Risk, Compliance (GRC) and Quality Solutions for global have deepened their GRC domain expertise, and are investing in corporations. MetricStream solutions are used by leading automated solutions that will enable them to achieve the goal of corporations such as Pfizer, Philips, American Airlines, managing GRC with confidence. These solutions work together to NASDAQ, Hitachi, Aurobindo Pharma, Sandisk, BP, Entergy, automate end-to-end GRC activities, including corporate gover- Subway, Fairchild Semiconductor, and TaylorMade-Adidas Golf nance and oversight; risk management; control testing and in diverse industries such as Pharmaceuticals, Medical remediation case management; and user access and authoriza- Devices, Automotive, Food, High Tech Manufacturing, Energy tion. and Financial Services to manage their quality processes, regulatory and industry-mandated compliance and corporate The collective opinion was that, by embarking on a unified GRC governance initiatives, as well as by over a million compliance strategy, you can proactively achieve significant returns on your professionals worldwide via the ComplianceOnline.com portal. investment. It not only helps ensure good governance and compliance, but also reduces the effort involved; so that people MetricStream can focus more on the business. www.metricstream.com info@metricstream.com © Copyright 2007, MetricStream, Inc. All rights reserved.