
Norman Marks
But, there is true value in considering GRC within your organization – without taking away from the points I made in that earlier post.
GRC refers to “a capability to reliably achieve objectives (governance & performance) while addressing uncertainty (risk management) and acting with integrity (compliance)”.
The message behind GRC is that all of the different pieces described and included in that definition of GRC need to work together, in harmony and an orchestrated fashion, if the organization is to optimize performance and reliably achieve objectives. For example:
- If strategy is developed and only then is risk considered (instead of formulating strategy after understanding risks and opportunities both within the organization and in its business environment), you may set the wrong strategies and objectives.
- If performance is evaluated, monitored, and managed without an integrated understanding of risks or compliance considerations, you are unlikely to optimize results.
- If politics and other factors cause the organization to fail to share information and resources, and to have redundant and siloed operations, you are unlikely to perform.
- If the compliance function is always chasing after initiatives and plans so it can add compliance bandaids, instead of being on the bus from the beginning, failure is likely.
I think organizations need to build out the maturity of the individual pieces of GRC while ensuring that they don’t result in silos, and with a vision of orchestration and harmony across the organization.
Since the failure to harmonize is most often the result of the sickness we call internal politics, this needs to be monitored, diagnosed, and treated aggressively.
I welcome your views and comments.
* www.theiia.org/blogs/Marks/index.cfm/post/Does%20It%20Make%20Sense%20to%20Discuss%20GRC?
Norman Marks, CPA, is vice president, governance, risk, and compliance for SAP's BusinessObjects division, and has been a chief audit executive of major global corporations for more than 15 years. He is the contributing editor to Internal Auditor’s “Governance Perspectives” column.
normanmarks.wordpress.com/