This Just In- GRC Adds Value

.

In his analysis of the survey results, Marks identifies several points of common sense for managers involved with GRC activities. This guidance includes:


• Don’t let consultants and vendors confuse you with talk of a new “GRC requirement” or “need to improve GRC.” Focus instead on how you can optimize performance and the achievement of strategies.

The survey represents the sort of DIY research and publishing that more and more consultants, vendors and industry networks (of consultants, vendors and practitioners) are conducting these days thanks, in large part, to the way social media platforms have greatly increased the ease of talking shop online.



Second, the majority of respondents say they agree with the definition of GRC put forth by the Open Compliance and Ethics Group (OCEG) Big Fat Finance, which describes GRC as: “a system of people, processes and technology that enables an organization to:


• Understand and prioritize stakeholder expectations;

• Set business objectives that are congruent with values and risks;

• Achieve objectives while optimizing risk profile and protecting value;

• Operate within legal, contractual, internal, social and ethical boundaries;

• Provide relevant, reliable and timely information to appropriate stakeholders; and enable the measurement of the performance and effectiveness of the system.”

Slightly less than half of the survey’s 143 respondents are practitioners (internal auditors, risk managers, finance executives and managers); the rest are consultants, software vendors (like Marks) and academics. What the survey lacks in sample size (more practitioners next time, please), it more than compensates for in terms of a pulse-check on evolving thoughts, practices and perspectives on GRC. You can check out the results for yourself here.

GRC is a valuable concept. And there’s substantial agreement on what it actually means.

Those are a couple of the main takeaways of an interesting industry survey on the use, value and definition of organizational governance, risk, and compliance (GRC) capabilities. The survey was conducted by GRC blogger Norman Marks of SAP.


• Don’t be deluded into thinking you need to have a GRC officer — most organizations don’t need one. They need the executives in charge of the various functions within GRC to cooperate and collaborate for the collective advantage of the business.



Two of the survey results are particularly compelling.

First, 85 percent of respondents say that the concept of GRC offers their organizations value.

• Don’t let the consultants and vendors tell you what GRC means.





• Settle on a common definition of GRC within your organization (Marks recommends the OCEG definition). Understand that it’s a lens through which you view how the business is managed and directed, and understand the need for the various elements within GRC to work together — in harmony.

http://coachfactorystore-bag.weebly.com

0 comments:

Post a Comment