Technology and the integration of governance, risk management and compliance.

Author: Anand, Sanjay
Position: Technology

These days, you can't channel surf without running across a cooking competition. On shows like Top Chef, Hell's Kitchen or Iron Chef America, master chefs, wannabe chefs and professional foodies meet to complete and critique a variety of gourmet challenges. Competitors draw upon innovation, creativity, resourcefulness and skill to create dishes that are pleasing both to the eye and the palate, while judges look for a balance of flavors and visually appealing presentation.

In the realm of business, executives and board members are the chefs, employing innovation, creativity, resourcefulness and skill to build and sustain a balanced company that appeals to its "judges"--the shareholders, employees, customers and even legislators that comprise the enterprise's stakeholders.

But just as a master chef must understand the potential and limitations of the ingredients and tools at his disposal, so must a chief financial officer or chief information officer understand the potential and limitations of technology in achieving the proper integration of governance, risk management and compliance (GRC) efforts.

Defining GRC

Like an old family recipe, GRC has different meanings to different constituencies. For example, an organization's legal department may view GRC through the lens of lowering litigation exposure via regulatory compliance. Similarly, the finance department may perceive GRC as focusing on the integrity of financial processes, while the audit department might see it as a project management process. And the information technology department might focus on combining controls, assets and permissions.

While GRC encompasses all of these elements, it's more than the sum of its parts. Optimally, GRC serves as a master chef, overseeing people, processes and technology in order to engage in activities that deliver stakeholder value while managing risk and complying with relevant regulations and laws.

Why Integrate GRC?

In many organizations, governance, risk management and compliance are compartmentalized, kept like three separate spice jars in a cupboard. This often results in duplicative effort, as when compliance controls closely mirror accounting controls. At times, keeping the three apart can lead to misinformation, as happens when risk managers aren't fully briefed about information security.

The separation of governance, risk management and compliance almost always negatively impacts the bottom line, either through increased risk exposure or...
