
GRC Illustrated Series

DEVELOPMENT PARTNERS

Many organizations are in the process of taking a step back to look at how they organize and allocate capital to the full range of governance, risk management, compliance and internal control processes (GRC).

FIRST STEPS (START HERE)

The questions that open the illustration:
"We want to do this...but how?"
"How do we move this up the list of priorities?"
"How do we get everyone else on board?"
"And without an army of dedicated staff or some new corporate bureaucracy?"
"We can start small and simply look at 2-3 risk areas."

...BUT DON'T BOIL THE OCEAN

1 WHERE ARE WE TODAY?

First, it's important to understand your current internal and external context — in particular all of the existing activities being conducted in areas in your business where GRC activities are conducted. Once you understand all of the [...] and opportunities to improve our approach, you can begin the process of organizing and integrating them for greater impact.

SILOS OF GOVERNANCE, RISK, and COMPLIANCE:
• Increased costs
• People do not have a total view of risks
• People feel constantly bothered
• Things slip through the cracks
• Unnecessary complexity

2 HOW DO WE GET ORGANIZED?
• Define a "GRC Charter / Purpose"
• Allocate responsibilities to new or existing organizational structures
• Define common processes and structures (where it makes sense)
• Define what "success" means
• Eliminate unnecessary processes
• Eliminate unnecessary technology
• Eliminate unnecessary overhead

EMBED AND SYNCHRONIZE GRC PROCESSES (central illustration)

Embed and synchronize GRC processes across the organization including the way you assess risks; manage mandates; develop policies; deliver training; detect and resolve issues; monitor controls; promote positive conduct; and continuously improve.

Risk areas pictured, grouped under Strategic, Budget, Financial, Operational and Compliance: Credit, Market, Liquidity, Workforce, Employment, Global Trade, Product Quality, Tax, Anti-Money Laundering, Antitrust, Data Protection, Government Contracts, Financial Reporting, Environmental, Anti-Fraud.

GRC process components, each with the integration step shown beneath it:
• Inform & Integrate
• Monitor & Measure: Use existing operational information and metrics to substantiate GRC performance
• Respond & Resolve: Resolve issues in a systemic way and replicate across the enterprise
• Detect & Discern: Integrate your systems for capturing and processing issues so that deep enterprise patterns can be identified
• Prevent & Promote: Integrate GRC training and controls into mainline processes; owned by mainline process owners
• Assess & Align: Embed risk assessments into strategic planning activities; consolidate requests and self-assessments

3 HOW DO WE INTEGRATE OUR APPROACH AND INFORMATION?
• Who currently owns which risks?
• How do we prioritize risks?
• How are resources currently aligned to address priority risks?
• Is every risk area covered?
• Is there duplication?
• Are we relying too much on back-end monitoring versus front-end prevention?
• Are we doing risk assessments?
• What techniques are being used?
• How do we prioritize risk? Is it viewed across the enterprise or in a [...] manner?
• Who is writing the policies?
• Who is implementing the controls?
• Who is conducting the training?
• Is any of this work coordinated?
• How much burden are we putting on the business with information requests?
• How are we evaluating the performance of our GRC activities? How do we know that we are making progress?

Roles pictured around these questions: CEO, Compliance Officer, Information Officer & IT Professional, Risk Officer, General Counsel, Chief Financial Officer, Audit Executive.

EXTENDED ENTERPRISE RISKS
• Data Handling in Outsourced Call Centers
• Corruption and Bribery by Sales Agents
• Labor Issues with Suppliers, Contractors and Business Operators
• Environmental Issues Deep in the Supply Chain
• Material Handling by Suppliers

4 DEGREES OF INTEGRATION
• Standardize & harmonize: Common vocabulary and approach to key GRC activities
• Coordinate with risk areas: Risk areas coordinate with one another to afford reuse and a portfolio view of risk
• Synchronize with business: GRC activities synchronize with mainline processes to reduce burden on the business
• Embed in mainline processes: GRC activities are embedded in mainline processes and become part of the fabric of the business itself

INTEGRATED INFORMATION (Information is Integrated)
• Risk-aware creation of strategy and measurement of performance
• Enterprise patterns of misconduct identified and addressed
• Early warning of significant events
• Replicate GRC solutions to other risk areas

©2008 OCEG ®
contact info@oceg.org for comments, reprints or licensing requests
