Governance, risk and compliance are merging or blending to offer global enterprises a holistic approach and expansive frameworks to tackle business problems that are closely related (but may have been treated as individual silos in the past). GRC derives strength and veracity from the fact that it can be applied in a customized and targeted fashion to various business segments and perspectives, yet also can account for the interconnectedness of agendas. As more attention is paid to perfecting corporate performance measurement and risk mitigation, operational transparency and accountability are not always increasing as expected. However, GRC promises a more integrated and standardized approach to performance management and a better means of achieving a measurable improvement in accountability. It represents the next logical step in helping companies envision and treat their governance and quality management problems. With GRC, the sum of the parts becomes more effective than an often myopic focus on the individual components, which are often siloed further by business unit or department. Furthermore, currently accepted methodologies are scalable both vertically and horizontally - that is to say, they will be effective for companies of all sizes and can be applied across all strategic and operational lines of business.

The most commonly accepted approaches to GRC have emanated from the Open Compliance and Ethics Group, a nonprofit organization that has reconstructed the governance, risk and compliance regimens into a unified framework that is both intuitive and effective. According to the OCEG, "Seeing the big picture helps you eliminate overlapping activities and develop a stronger, leaner risk management program." Indeed, the OCEG Measurement and Metrics Guide has become an important asset in aiding organizations all over the world to better understand, report on and rectify gaps and issues with respect to each piece of the GRC whole. Taking inspiration from OCEG, software vendors (especially in the ERP and enterprise resource management space) have been quick to adopt the GRC lexicon and offer products that help streamline and improve these areas. For example, some of the world's largest software vendors have achieved great success in centralizing their clients' GRC data via repositories. These repositories centralize corporate policies, regulatory mandates and performance management routines, and sometimes let external customers (who participate in a complicated supply chain) access this data, making them active participants in the GRC process. This helps reduce liabilities throughout operational lifecycles. The ability to automatically spot business process risks and home in on compliance violations across organizational units frees senior management to concentrate on pressing marketplace opportunities and spend less time reacting to endless financial, legal, compliance and governance obstacles. A solid GRC infrastructure should offer real-time data and the ability to aggregate and pivot on different classes of GRC policies. As with any performance management paradigm, a clear roadmap of sustainable improvement must emerge from the chaos. 
It is important that GRC intelligence is timely, repeatable and represents the real-life picture of how a company is positioned with respect to both the regulatory environment and the global marketplace.
