The enemy: compliance fragmentation; Automate, centralize, and coordinate your way to an improved GRC process.

Author: Lea, Melissa
Position: CORPORATE ACCOUNTABILITY AGENDA

IN TODAY'S GLOBAL ECONOMY, a decentralized and fragmented approach to risk management can lead to serious liabilities and unanticipated compliance gaps. Operating in multiple countries and regulatory jurisdictions, where no single, uniform legal standard exists to guide your business, only compounds the problem. It's not uncommon to feel overwhelmed by a dizzying array of laws, regulatory expectations, local customs, and financial mandates.

This environment makes it tempting to fall back on a one-off approach to compliance, where you follow more lenient standards in certain jurisdictions and enforce stricter requirements in others. But following this piecemeal approach to governance soon leads to trouble. Communication is difficult at best, and enforcing consistent compliance objectives across global operations becomes nearly impossible.

The damage caused by a fragmented approach to governance, risk management, and compliance (GRC) programs was recently validated in a survey conducted by the Open Compliance and Ethics Group (OCEG), Deloitte & Touche USA LLP, SAP, and Cisco. Nearly two-thirds of 250 survey respondents reported being adversely affected by "silos" within their operations--a result of system, geographic, and organizational fragmentation.

What's the net impact of a disjointed GRC approach on your organization? It could easily include inconsistent application of standards, duplication of efforts, higher GRC costs, and increased risk, to name a few of the myriad problems.

The three tenets

It's easier than you might think to combat a fragmented approach to GRC. You just need to follow three simple tenets: automate, centralize, and coordinate.

If you're going to improve your compliance--and forever bury a one-off approach--you need to automate end-to-end GRC processes, including corporate governance and oversight, risk management, and reporting. Automation eliminates manual processes and reduces errors--saving you time and money. You'll have more accurate and timely data as well as GRC processes that are both consistent and repeatable across your organization. Without automation, it's nearly impossible to quickly detect, assess, address, or control new risks as they emerge.

You must also centralize your GRC data to ensure consistent and reliable information flow. With a shared services approach, such as a central GRC office with direct reporting lines to your board, your organization can improve risk management and reporting on...
