Integrity-Driven Performance. New Strategy for ... - GRC Resource

More documents

Recommendations

Info

Through our research and client work, we have come to understand certain common themes, orelements of success, that executives believe are essential to creating and sustaining improvedperformance relative to GRC. They are as follows:• Adopting an Integrated View of GRC. Organisations need to integrate their governance, riskmanagement and compliance activities to effectively protect and, in fact, create value.• Linking GRC to Performance. An integrated GRC capability drives value and enhancesperformance, according to a growing body of research. However, performance and valuemeasurement capabilities are needed to facilitate this.• Embracing a New Vision of Compliance. A new vision and definition of compliance isneeded to protect reputation and “burnish the franchise” – one that focuses on integrityand compliance as an outcome across all of the organisation’s responsibilities, and that is notsimply a function within the organisation focused solely on laws and regulations.• Deploying a Structured GRC Approach, or Operating Model. To successfully integrate GRCin a manner that enhances value and delivers integrity-driven performance, organisationsneed a comprehensive GRC operating model that is consistent with organisational strategyand risk management objectives, and that properly aligns the people, process andtechnology capabilities of the organisation to meet those objectives.• Utilising Key Enablers. To achieve success in GRC, organisations need to apply keyenablers. These include culture and change management, performance and valuemanagement, process improvement and technology. Ironically, much of the technologyand subject matter expertise needed to realise improved performance already exists withinmost large organisations, but it exists in silos and isolated pockets throughout the organisation.Strong leadership champions are critical for tapping into these resources.Adopting an Integrated View of Governance,Risk and Compliance (GRC)Within most organisations, management and the board have, in the past, viewed GRC as discreteactivities managed as separate functions and, more often than not, tucked away in a variety ofpockets across the organisation. This approach has resulted in accountability and communicationgaps, as well as redundancies and confusion. As stakeholder demands for increased integrityclimb, these gaps can sharply impact the value of a business.New definitions, requirements and standards are emerging – from both internal and externalsources – forcing boards and managers to rethink the roles, responsibilities and relationships ofdiscrete GRC activities. Amidst this dynamic environment, PricewaterhouseCoopers has put forthan integrity-driven performance approach.6
We propose that organisations can create value by strategically integrating GRC into theirbusinesses (see Figure II-1) to form an ethical and operational backbone against which thebusiness is managed, such that:• Governance activities include setting business strategy and objectives, determining riskappetite, establishing culture and values, developing internal policies and monitoringperformance.• Risk management activities include identifying and assessing risks that may affect theability to achieve objectives, applying risk management to gain competitive advantageand determining risk response strategies and control activities.• Compliance activities include operating in accordance with objectives and ensuringadherence with laws and regulations, internal policies and procedures, and stakeholdercommitments.Figure II-1: Effective Integration of GRCS TA KE HO LD ERE XP EC TA TI ON SENABLING CULTURE,PROCESS& TECHNOLOGYGovernanceEnterpriseRisk ManagementComplianceEMERGING& NEW REQUIREMENTSSTANDARDSSetting objectives, tone,policies, risk appetiteand accountabilities.Monitoring performance.Identifying and assessingrisks that may affect theability to achieve objectivesand determining riskresponse strategies andcontrol activities.Extended Enterprise & Value ChainE TH ICA LCU LT UR EOperating in accordancewith objectives andensuring adherence withlaws and regulations,internal policies andprocedures, andstakeholder commitments.7
Page 6 and 7: Governance Reforms: A Snapshot of R
Page 10 and 11: An integrated approach to GRC prope
Page 12 and 13: As shown in Figure II-2, a new visi
Page 14 and 15: In our view, a leading GRC capabili
Page 16 and 17: Integrating GRC into Core Business
Page 18 and 19: Interestingly, many of the technolo
Page 20 and 21: PricewaterhouseCoopers developed th
Page 22 and 23: • The organisation deploys proces
Page 24 and 25: Governance ProcessesIn order to exe
Page 26 and 27: Successful GRC Process IntegrationG
Page 28 and 29: GRC performance enables greater bus
Page 30 and 31: Cost ManagementThe term “Total Co
Page 32 and 33: Organisations face an abundance of
Page 34 and 35: The Emerging Role of Technology: En
Page 36 and 37: Interestingly, in many organisation
Page 38 and 39: IV. The Governance, Risk & Complian
Page 40 and 41: The GRC Operating Model is both sca
Page 42 and 43: Envision Performance Driven by Inte
Page 44 and 45: Improve and Measure SuccessDevelop,
Page 46 and 47: The GRC Operating Model promotes op
Page 48 and 49: Implementing a sustainable reportin
Page 50 and 51: Appendix: Governance, Risk and Comp
Page 52: www.pwc.com/governance© 2004 Price

Integrity-Driven Performance. New Strategy for ... - GRC Resource

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?