Governance, risk management, and compliance (GRC): too many organizations approach it as a bottom-up exercise instead of as a top-down strategic tool to drive what OCEG calls Principled Performance. Properly understood, however, GRC is about the performance of the organization.
The official definition of GRC, found in the OCEG GRC Capability Model, is that GRC “is a capability to reliably achieve objectives [GOVERNANCE], address uncertainty [RISK MANAGEMENT], and act with integrity [COMPLIANCE].”
Governance sets direction and strategy so that the organization can reliably achieve its objectives. Governance also sets the context for risk management; without that context, risk management fails.
Risk management seeks to understand and manage uncertainty by identifying, assessing, and monitoring risk within that context, and then acting on risk through acceptance, avoidance, mitigation, or transfer.
Compliance aims to ensure that the organization acts with integrity in fulfilling its regulatory, contractual, and self-imposed obligations and values. Compliance follows through on risk treatment plans to confirm that risk is being managed within limits and that controls are in place and functioning.
Under this definition, GRC is an enabler of the performance of the organization as it tries to achieve (or exceed) its objectives. This is particularly true for today's banking and finance organizations.
The modern financial services firm navigates a world of chaos: continuously evolving regulations and obligations, a dynamic and interconnected external risk environment, and a complex and changing internal business environment (e.g., strategy, processes, operations, employees, technology, and business partners). Financial services organizations need to approach GRC top-down to make it an enabler of performance in the midst of this chaos.
This episode of the GRC Red Flag Series will look at the interconnectedness of risk and objectives in the financial services organization, which drives the demand for a 360° contextual awareness of GRC in the context of performance. Financial services organizations need to see the intricate relationships between their objectives and their risks.
Our host Michael Rasmussen
Michael Rasmussen is an internationally recognized pundit on governance, risk management, and compliance (GRC), with specific expertise in GRC strategy, process, information, and technology architectures and solutions. With 28+ years of experience, Michael helps organizations improve GRC processes, design and implement GRC architectures, and select solutions that are effective, efficient, and agile. He is a sought-after keynote speaker, author, and advisor, and is known as the “Father of GRC”, having been the first to define and model the GRC market in February 2002 while at Forrester Research, Inc.
Corporater is a leading software industry expert in GPRC (Governance, Performance, Risk, and Compliance), offering the capabilities required to run a sustainable, efficient, and effective GRC program aligned with strategy and performance, all within a single platform. Corporater provides the world’s leading Business Management Platform, which offers ‘One View, One Platform’ for a holistic and complete overview of the business. We use our gains to make a social impact. With customers spread across 30 countries, ranging from SMEs to Fortune 500 companies and several governmental organizations, Corporater's user base has quickly grown to 100,000+.