It has been stated that:
Any intelligent fool can make things bigger, more complex and more violent. It takes a touch of genius – and a lot of courage to move in the opposite direction.E. F. Schumacher
Governance, risk management, and compliance (GRC) is as much or more the responsibility of the front-office (1st line employees and management) as it is the back-office (2nd and 3rd line risk, compliance, security, control, and audit functions).
Think about it . . . risk, compliance, and control decisions are being made every day by the frontlines of the organization. The doctor or nurse in the hospital are making patient privacy and safety decisions; the teller at the bank is making decisions on fraud, customer privacy, security, and money-laundering; the miner in the coal mine is making environmental and health and safety decisions.
Risk exposure is . . .
[THE REST OF THIS ARTICLE CAN BE FOUND ON THE 360inControl BLOG WHERE GRC 20/20’S MICHAEL RASMUSSEN IS A GUEST AUTHOR]