How Do We Get Organized? Where Are We Today?: GRC Illustrated Series
Many organizations are in the process of taking a step back to look at how they organize and allocate
capital to the full range of governance, risk management, compliance and internal control processes (GRC).
Risk areas: Tax; Anti-Money Laundering; Antitrust; Data Protection; Government Contracts; Financial Reporting; Environmental

EXTENDED ENTERPRISE RISKS
• Data Handling in Outsourced Call Centers
• Corruption and Bribery by Sales Agents
• Labor Issues with Suppliers
• Contractors and Business Operators
• Environmental Issues Deep in the Supply Chain
• Material Handling by Suppliers

Roles: CEO; Compliance Officer; Information Officer & IT Professional; Risk Officer; General Counsel; Financial Officer; Chief Audit Executive

• Who currently owns which risks?
• How do we prioritize risks?
• How are resources currently aligned to address priority risks?
• Is every risk area covered?
• Is there duplication?
• Are we relying too much on back-end monitoring versus front-end prevention?
• Are we doing risk assessments?
• What techniques are being used?
• How do we prioritize risk? Is it viewed across the enterprise or in a manner?
• Who is writing the policies?
• Who is implementing the controls?
• Who is conducting the training?
• Is any of this work coordinated?
• How much burden are we putting on the business with information requests?

How are we evaluating the performance of our GRC activities? How do we know that we are making progress?

3 HOW DO WE INTEGRATE OUR APPROACH AND INFORMATION?

INTEGRATED INFORMATION
• Risk-aware creation of strategy and measurement of performance
• Enterprise patterns of misconduct identified and addressed
• Early warning of significant events
• Replicate GRC solutions to other risk areas

4 DEGREES OF INTEGRATION
Information is Integrated
• embed in processes: GRC activities are embedded in mainline processes and become part of the fabric of the business itself
• synchronize with business: GRC activities synchronize with mainline processes to reduce burden on the business
• coordinate with risk areas: Risk areas coordinate with one another to afford reuse and a portfolio view of risk
• standardize & harmonize: Common vocabulary and approach to key GRC activities

©2008 OCEG
contact info@oceg.org for comments, reprints or licensing requests