Now that you know what you don't know.

Nine ways you can start taking action today

  1. Take the long view

  2. Don't delegate this one

  3. Make the business case

  4. Start where you are

  5. Getting ahead of risk

  6. Work from the top

  7. Overcoming inertia

  8. Automate

  9. Get to the heart of the matter

Take the long view

Your fragmented approach to governance, risk management, and compliance wasn't designed with a master plan in mind. It evolved over time, driven by practical needs in reaction to ever-changing requirements. Things are going to keep evolving too, and the pace at which threats and opportunities emerge will only increase.

* Companies operating in multiple countries or with complex global supply chains face growing risk and compliance challenges every year.

* Employment regulations pose new risks, especially with workforces scattered around the world.

* Outsourcing and offshoring bring special threats because they cut across cultures as well as borders.

* Advanced technologies give individuals unprecedented power, including the power to misbehave.

* Regulators not only want to know what you're doing, they want to know how you're doing it, and why. Documentation matters.

* Customers, communities, and even investors have higher expectations for corporate responsibility.

All of this means that you can't expect to achieve GRC nirvana overnight. An integrated, risk-intelligent approach requires a long-term focus and investment in underlying infrastructure.

First things

Recognize the new realities around you.

Champion the wisdom of doing things better.

A CEO's options for handling GRC

| Option | Pros | Cons |
| --- | --- | --- |
| Ignore it | No investment or action required | Unacceptable risk; Problems don't go away, but get steadily worse. |
| Delegate it | It's not much fun; Somebody else could do a decent job; You have more important things to do | Only the CEO has the clout to make GRC integration real; Fragmented leadership can drive incremental improvements, but the overall piecemeal approach remains; When things blow up, it's still your problem |
| Take charge | Reduced costs, improved performance; Improved quality and efficiency through integration and standardization; Reduced risk; Increased board confidence | Requires an upfront investment of time, money, and resources, and personal involvement from the top |

Don't delegate this one

You've heard the adage "When everyone's responsible, no one's responsible." Well, that's especially true here. Until you have a sustainable framework in place, getting ahead of the GRC challenge will have to be CEO-driven.

* GRC cuts across every operational area of a business. Expect turf battles in the overlaps. Expect to find holes where ownership needs to be assigned. Be prepared to mandate an enterprise perspective. And don't buy it when people say, "We already have this handled."

* Unless the CEO signals the importance of an integrated enterprise approach, it won't happen. "Tone at the top" is a prerequisite, but hands-on leadership is even more critical.

* Only the CEO can engage the board. As board members confront the reality of their personal exposure and risk, they need to know exactly how the company is...
