Once companies address the question of whether to create a governance, risk-management, and compliance program with a broad organizational charter, an even bigger question looms: How do we actually structure and implement something like that? The question poses challenges. After all, GRC policies and processes—of varying degrees of effectiveness and efficiency—already exist throughout the business. […]
L. Mitchell Scott
Posted inFrom the Archive
Helping GRC Education, Communication Get Noticed
As regulatory demands and cost-cutting pressures increase, executives want to know how education and communication in compliance risk can be made more effective and more efficient. Providing a satisfying answer requires governance, risk management, and compliance (GRC) professionals to first ask an equally important question: How relevant are our education and communications efforts? Unfortunately, the […]
Posted inInternal Controls
Doing More With Less: Slashing the GRC Budget
In the rearview mirror, corporate scandals that sparked increased attention over the need for better corporate governance, risk management, internal control, and compliance may appear smaller than they really are. Yet, despite the evident need, many companies are slashing GRC budgets. In the current environment, GRC executives simply must know how to do more with […]
Posted inInternal Controls
Creating a High-Performance GRC System
A high-performing GRC system will always deliver value. Always. The value of a business activity or department directly relates to its contribution to business objectives. For that reason, focusing on measuring GRC activities themselves (risk assessment, policy management, training and communication, or control management, for example) isn’t sufficient. Rather, executives must place a special focus […]
Posted inInternal Controls
The Challenge of Capturing, Evaluating Risks
As former SEC Chairman and Compliance Week Columnist Harvey Pitt wrote in these pages back in June 2004: “Management’s most important job is identifying, assessing, and managing risk.” Unfortunately, that is easier said than done, especially when it comes to communicating that risk to the board. In fact, as Pitt pointed out, management regularly fails […]
Posted inFrom the Archive
Internal Investigations in the Global Enterprise
Back in the book of Genesis, the first-ever investigation was pretty straightforward: only two potential perpetrators, a single location (under a tree), and an omniscient investigator. Things have become much more complex since then—and in most cases, we don’t have the benefit of an omniscient investigator. As such, most organizations should develop an approach to […]
Posted inFrom the Archive
How to Design and Manage Codes of Conduct
A Code of Conduct may serve many purposes. For some, it is a legal document and “meta-policy” that summarizes key policies of the business. Leading firms, however, see the Code as an opportunity to codify in a single document the mission, vision, and values of the organization—as well as the expectations of the entire workforce […]
Posted inFrom the Archive
Beyond Effectiveness: Does Your Program Perform?
As discussed in the last installment of GRC Illustrated, organizations have focused a lot of time, energy, and resources on designing, implementing, and improving their governance, risk management, compliance, ethics and internal control systems. (Taken as a whole, these can be considered an organization’s overall GRC capability.) Some executives are appropriately asking, “Are we delivering […]
Posted inFrom the Archive
Mechanics Of Evaluating GRC Effectiveness
Over the past few years, organizations have focused a lot of time, energy, and resources on designing, implementing, and improving their governance, risk management, compliance, ethics, and internal control systems—increasingly called “GRC systems.” As a result, many executives are starting to ask, “Is all of this work really working? Are we actually and factually delivering […]
Posted inFrom the Archive
Leveraging Controls For Operational Benefits
Businesses, especially those that are publicly traded, have spent a lot of time and money on systems for internal control over financial reporting. And, in response to the 2004 update of the U.S. Federal Sentencing Guidelines, many companies of all types and sizes have invested to modernize their compliance and ethics programs. A good question […]
