Integrity-Driven Performance. New Strategy for ... - GRC Resource

More documents

Recommendations

Info

Integrating GRC into Core Business ProcessesGRC integration implies a consistency of action by management and employees in the course ofdoing business. Signs of integration with business processes include the following:• GRC is practised and reflected in an organisation’s control environment. Most importantly,employees understand their risk management roles and responsibilities and are exercisingdue diligence in managing risk effectively.• Real-time monitoring at appropriate levels and reporting and incident management capabilitiesare in place and operating effectively. Key elements of an effective GRC programme exist,including monitoring mechanisms, multiple avenues for confidential reporting to the boardas well as senior management, and GRC functions, escalation protocols, investigative processesand disciplinary procedures. Information flow is accurate and timely, and facilitates strategicdecision-making. Ownership and accountability are designed into processes, which alsosupport ongoing measurement through a balanced measurement approach.• Policies map the course of action and explain what needs to be done. Policies are thetranslation of business strategy into day-to-day operations, and are therefore derived fromthe organisation’s mission, strategies and critical success factors. When viewed from thisperspective, compliance with policies and procedures is absolutely critical. Accordingly,a clear set of measurements and metrics needs to be developed, reported on and managed.In an effective GRC operating model, compliance policies and procedures have beenembedded in the business processes such that they are part of the organisation’s coreoperating procedures.• Procedures comprehensively define the sequence of steps to be taken to execute identifiedGRC policies.Measuring Performance and Calculating ValueEffective GRC management does more than mitigate risk – it can also be a driver of businessvalue. GRC performance enables greater business agility and can reduce losses, thereby freeingup capital. Consider the impact that the risk of compliance failure has on capital reserves,insurance, cost of capital, business disruption and remediation costs. Signalling a new focus onthe relationship between GRC and good business management, a growing number of creditrating agencies and investor services, such as Moody’s, Standard & Poor’s, GovernanceMetricsInternational and Institutional Shareholder Services, are ranking organisations on their GRCperformance. In today’s environment, investors appear to be willing to pay more for the shares ofwell-governed organisations. GRC performance impacts an organisation’s ability to attract capital,reduce losses and allocate capital to its highest and best use.14
Managing GRC value is achieved through the healthy balance between cost management andperformance management. Cost-management practices measure cost and look at where, howand why resources are spent. In doing so, cost management helps establish the target levels ofperformance required to get the expected return on GRC investments. Conversely, good performancemanagement practices measure the effectiveness and efficiency of current programmes. Performancemanagement can therefore point to gaps, inefficiencies and improvement opportunities that mayneed to be supported by additional investments. (A more detailed discussion of GRC valuemanagement is presented in Section III of this paper.)Organisations able to manage value through cost management and performance managementcan demonstrate that:• Accountability, integrity and fiscal responsibility are embedded in management processes.• A performance management system, including objectives, key performance indicators,performance targets and ownership, is in place.• Spending is aligned with the organisation’s objectives – capital is allocated to its highestand best use.• Value and benefits of an integrity-based compliance programme are embraced within theorganisation.Achieving Effectiveness by Leveraging TechnologyTechnology is a critical enabler to facilitating efficient and effective execution across the GRC operatingmodel. Technology can be used to create a “central nervous system” for an organisation – reachingout in real time to critical business processes to help ensure that risk is being managed and eventsare being acted upon. META Group research 8 indicates that the projected benefits from leveragingtechnology for GRC are significant. These benefits include having more accurate and consistentdata on a more timely basis, and doing so in a more cost-effective manner. Technology deployed tomeet GRC objectives can deliver substantial benefits and improvements by enabling an enterpriseview of risk, thereby helping to facilitate accountability and ownership. These in turn help buildconfidence and trust with key stakeholders, including the board, investors and regulators.Characteristics of a robust enabling technology environment include:• A real-time risk, compliance and monitoring environment enables the application ofpolicies and standards at the time of business process execution.• GRC obligations are actively assessed and managed.• Issues and incidents arising from non-compliance are actively identified, escalatedand reported.8 © 2003 META Group, Inc., Stamford, CT, U.S.A.15
Page 6 and 7: Governance Reforms: A Snapshot of R
Page 8 and 9: Through our research and client wor
Page 10 and 11: An integrated approach to GRC prope
Page 12 and 13: As shown in Figure II-2, a new visi
Page 14 and 15: In our view, a leading GRC capabili
Page 18 and 19: Interestingly, many of the technolo
Page 20 and 21: PricewaterhouseCoopers developed th
Page 22 and 23: • The organisation deploys proces
Page 24 and 25: Governance ProcessesIn order to exe
Page 26 and 27: Successful GRC Process IntegrationG
Page 28 and 29: GRC performance enables greater bus
Page 30 and 31: Cost ManagementThe term “Total Co
Page 32 and 33: Organisations face an abundance of
Page 34 and 35: The Emerging Role of Technology: En
Page 36 and 37: Interestingly, in many organisation
Page 38 and 39: IV. The Governance, Risk & Complian
Page 40 and 41: The GRC Operating Model is both sca
Page 42 and 43: Envision Performance Driven by Inte
Page 44 and 45: Improve and Measure SuccessDevelop,
Page 46 and 47: The GRC Operating Model promotes op
Page 48 and 49: Implementing a sustainable reportin
Page 50 and 51: Appendix: Governance, Risk and Comp
Page 52: www.pwc.com/governance© 2004 Price

Integrity-Driven Performance. New Strategy for ... - GRC Resource

Create successful ePaper yourself

Delete template?

Save as template?