Integrity-Driven Performance. New Strategy for ... - GRC Resource

More documents

Recommendations

Info

Interestingly, many of the technologies needed to effect a real-time risk and complianceenvironment are already in place within virtually all organisations – they just haven’t beenapplied to GRC. PricewaterhouseCoopers’ Real-Time GRC Architecture highlights the capabilityfor, and importance of, leveraging existing systems in designing and implementing a GRCsolution. (This architecture is discussed in more detail in Section III of this paper.)Realising the Value Potential of GRCA shift is occurring in the way GRC is seen – from a cost-absorbing function to a value-addingfundamental at the organisation’s core. In our view, a multi-faceted approach is needed to makethis vision a reality. The approach includes:• An integrated approach to GRC management that links to performance• Use of a structured framework such as the PricewaterhouseCoopers GRC Operating Model• A new definition of compliance – one that puts stakeholders first and encompassesinternal as well as external compliance requirements (i.e., compliance as an outcome,not as a function)• Utilisation of key enablers to bring the operating model to life and realise valueWe have seen how the marketplace views GRC as a value-creating proposition. But we also knowthat the traditional approach to GRC presents a significant gap or barrier to realising that value.We believe that this barrier is not insurmountable, and that by applying the concepts discussedhere, organisations can better realise the value potential of GRC.How This White Paper Can HelpThis white paper explores the concepts of GRC within a challenging business, regulatory andsocial environment. It defines the concept of an integrity-driven performance strategy – a guidingphilosophy for delivering shareholder value through a firm commitment to trust, integrity and values.The white paper shows a view of the future and takes the reader along on a journey demonstratinghow an organisation can enhance value through an integrated approach to GRC – the foundationfor which are best practices of many highly respected and successful organisations. The whitepaper also introduces the Governance, Risk & Compliance Operating Model, developed byPricewaterhouseCoopers as a roadmap to help organisations achieve a culture of integrity-drivenperformance.16
III. Key Enablers for AchievementThe public has made clear the need and expectation that companies take a proactive andintegrated approach to governance, ethics, risk management and compliance. Too many corporatefailures have resulted from these key processes being disconnected. In these cases, organisationshave come to learn – albeit too late – that fraud or other unethical business practices can occur,either when those responsible for the business do not have the appropriate commitment to GRC,or when there is a misalignment of GRC capabilities and culture.We have seen, for example, recent failures in the financial services sector where compliancerequirements were well-known and processes were in place, however the organisation eitherlacked a demonstrated commitment to the spirit of compliance, or GRC considerations wereabsent when strategic business decisions were being made. That situation, combined with thefailure of effective and independent monitoring processes, has led to multimillion-dollarsettlements, market cap losses, executive incarceration and, in some cases, permanent damageto the business.An integrated approach to GRC helps ensure that a serious tone of corporate responsibility is setat the top of the organisation; that a comprehensive analysis of risk is undertaken; that businessunit GRC objectives are a key part of overall business unit goals; and that an effective GRCoperating model is implemented to protect the franchise and help ensure responsible businessconduct.Across the globe, investors, legislators, regulators, prosecutors, analysts and watchdog organisationshave made it clear: the board and management must be able to articulate and demonstrate howthey have integrated governance, ethics, risk management and compliance activities to ensure theorganisation is committed to corporate responsibility and sustainable value. This includes thecapability to identify issues early and address them immediately. Consider the practice implementedby many corporate leaders of bringing GRC to the forefront of strategic considerations such as theassessment of mergers and acquisitions, or the evaluation of new products, services and markets.Clearly, unprecedented stakeholder pressure is having a profound impact on today’s business.To address this pressure, an integrated approach to GRC is needed – the foundation of which is astructured framework, or operating model. A framework provides an organisation with a roadmapto translate its vision of a desired GRC end-state into tactical activities that are individually andcollectively aligned with overall enterprise and GRC objectives. Such a framework supports anenterprise view of GRC and helps realise it through the interconnected and deliberate use ofresources, business processes and technology within the organisation. A framework is thebackbone by which the organisation can map and show how it will deliver a GRC state thatmeets the expectations of shareholders, regulators, the general public and all stakeholders.17
Page 6 and 7: Governance Reforms: A Snapshot of R
Page 8 and 9: Through our research and client wor
Page 10 and 11: An integrated approach to GRC prope
Page 12 and 13: As shown in Figure II-2, a new visi
Page 14 and 15: In our view, a leading GRC capabili
Page 16 and 17: Integrating GRC into Core Business
Page 20 and 21: PricewaterhouseCoopers developed th
Page 22 and 23: • The organisation deploys proces
Page 24 and 25: Governance ProcessesIn order to exe
Page 26 and 27: Successful GRC Process IntegrationG
Page 28 and 29: GRC performance enables greater bus
Page 30 and 31: Cost ManagementThe term “Total Co
Page 32 and 33: Organisations face an abundance of
Page 34 and 35: The Emerging Role of Technology: En
Page 36 and 37: Interestingly, in many organisation
Page 38 and 39: IV. The Governance, Risk & Complian
Page 40 and 41: The GRC Operating Model is both sca
Page 42 and 43: Envision Performance Driven by Inte
Page 44 and 45: Improve and Measure SuccessDevelop,
Page 46 and 47: The GRC Operating Model promotes op
Page 48 and 49: Implementing a sustainable reportin
Page 50 and 51: Appendix: Governance, Risk and Comp
Page 52: www.pwc.com/governance© 2004 Price

Integrity-Driven Performance. New Strategy for ... - GRC Resource

Create successful ePaper yourself

Delete template?

Save as template?