Integrity-Driven Performance. New Strategy for ... - GRC Resource

More documents

Recommendations

Info

Governance Reforms: A Snapshot of Recent DevelopmentsCorporate Governance: In November 2003, the U.S. Securities and Exchange Commission(SEC) approved the final versions of corporate governance listing standards proposed by theNew York Stock Exchange and the NASDAQ Stock Market. Both standards expand upon theSarbanes-Oxley Act of 2002 and the SEC rules to impose significant new requirements onlisted companies. These sweeping reforms mandate independence, increased transparencyand new standards for corporate accountability. These and other governance standardsemphasise the importance of enhancing governance, ethics, risk and compliance oversightcapabilities.Enterprise Risk Management: In October 2003, the Committee of Sponsoring Organizationsof the Treadway Commission (COSO) issued for public comment its new Enterprise RiskManagement framework. The final COSO framework, along with Application Guidance,both authored by PricewaterhouseCoopers, will be published in June 2004. The new COSOframework identifies key elements of an effective enterprise risk management approach forachieving financial, operational, compliance and reporting objectives. Both the new COSOframework and Application Guidance emphasise the critical role played by governance,ethics, risk and compliance in enterprise risk management.Compliance and Business Conduct: On 30 December 2003, the United States SentencingCommission proposed far-reaching changes to the United States Federal Sentencing Guidelines,which set forth the U.S. Government’s standard on what constitutes an effective complianceprogramme. The Guidelines are also reflected in industry regulatory compliance guidancestandards. The new recommendations emphasise the importance of expanding the compliancestandard to better address a corporation’s ethical culture; establish the governance andoversight responsibilities of the board and senior management; frame the need for appropriateresources and authority; and recommend that companies conduct ongoing risk assessmentsto form the basis for continuous improvement of their compliance programmes. Once again,recommendations focus on the relationship between governance, ethics, risk managementand compliance.Although these developments are examples of emerging standards in the United States,similar reforms and standards have emerged globally, and organisations the world over aredealing with their implications.4
Defining the PricewaterhouseCoopers Point of ViewPricewaterhouseCoopers has researched and analysed GRC best practices to help organisationsnavigate the new regulatory and business environment. The work has included an examination ofvalue-based strategies for leveraging internal control work associated with Sarbanes-Oxley complianceefforts, and has involved subject matter experts from numerous disciplines across our organisation.In conducting research, we undertook global surveys and consulted with independent industryanalysts, researchers and journalists to broaden our view of core issues. We also turned to manyclients for deeper insights on “touch points” for respective industries and related sectors.In 2003, PricewaterhouseCoopers underwrote two important research projects that were instrumentalin developing our point of view. A paper based on the first of these, “Compliance: a Gap at theHeart of Risk Management,” was published in May 2003, in conjunction with the EconomistIntelligence Unit (EIU). Although the compliance survey focused on the financial services industry,many of the important findings from it spurred further investigative work across a range ofindustries.Secondly, research conducted by META Group 1 on behalf of PricewaterhouseCoopers addressedthe following:• The strategic view organisations hold with regard to GRC• Current operational issues organisations are encountering as they address GRC issues• Future trends in GRCConducted in the summer of 2003, the survey represented a substantial cross-industry sample oflarge 2 organisations, and their responses helped influence our perspective. Selected results of theresearch are published for the first time in this paper (see the Appendix for a summary of the research).1 © 2003 META Group, Inc., Stamford, CT, U.S.A.2 Organisations of US$1 billion or more.5
Page 8 and 9: Through our research and client wor
Page 10 and 11: An integrated approach to GRC prope
Page 12 and 13: As shown in Figure II-2, a new visi
Page 14 and 15: In our view, a leading GRC capabili
Page 16 and 17: Integrating GRC into Core Business
Page 18 and 19: Interestingly, many of the technolo
Page 20 and 21: PricewaterhouseCoopers developed th
Page 22 and 23: • The organisation deploys proces
Page 24 and 25: Governance ProcessesIn order to exe
Page 26 and 27: Successful GRC Process IntegrationG
Page 28 and 29: GRC performance enables greater bus
Page 30 and 31: Cost ManagementThe term “Total Co
Page 32 and 33: Organisations face an abundance of
Page 34 and 35: The Emerging Role of Technology: En
Page 36 and 37: Interestingly, in many organisation
Page 38 and 39: IV. The Governance, Risk & Complian
Page 40 and 41: The GRC Operating Model is both sca
Page 42 and 43: Envision Performance Driven by Inte
Page 44 and 45: Improve and Measure SuccessDevelop,
Page 46 and 47: The GRC Operating Model promotes op
Page 48 and 49: Implementing a sustainable reportin
Page 50 and 51: Appendix: Governance, Risk and Comp
Page 52:
www.pwc.com/governance© 2004 Price
show all

Integrity-Driven Performance. New Strategy for ... - GRC Resource

Create successful ePaper yourself

Delete template?

Save as template?