Audit and Internal Control

Week 7
Importance of Governance, Risk and Compliance (GRC)
Principle
 LEARNING OUTCOMES
• LO 4: Explain basic concept of Risk, Governance, and Internal Control
 OUTLINE
• Importance of Governance, Risk and Compliance Principles
• Road to Effective GRC Principles
• Risk Management Component Of GRC
Importance of Governance, Risk
and Compliance Principles
 Importance of Governance, Risk and
Compliance Principles

While this worked with smaller single

Enterprise Organizations and
proprietorships or in the tightly
Corporations, I n particular have
centralized corporations or eras past,
faced governance issues since their
okays arguer and often multiunit
earliest days. Someone or some
enterprises need broad based units
groups was in charge and took a lead
or functions for setting rules and
in setting the rules for employees
procedures - they need efficient and
and other stakeholders to follow.
effective governance processes.
 Importance of Governance, Risk and
Compliance Principles

An enterprise always faces risks that it

will be found in violation of one or
While enterprises have always been
another these multiple laws and
concerned with various governance, risk,
regulations. There are also risks that
an compliance issues, the introduction of
their own established governance rules
COSO ERM, the major theme of this
will not achieve their desired results or
course has brought all three of these
that they may face some outside event
governance, risk and compliance
beyond their control, such as a major
concerns together into what has been
event or a fire in a major facility. There is
called GRC Principles
a need to manage these risks at an
overall enterprise level.
Road to Effective GRC
Principles
Road to Effective GRC Principles
The G stands for Governance , this means taking care of business,
making sure that things are done according to enterprise
standards, regulations and board of director’s decision.

The R is Risk. Everything we do involves some element of risk.

The C represents compliance with the many laws and rules

affecting businesses and citizen today
Road to Effective GRC Principles

GRC Concept
Moeller (2011)
Importance of GRC Governance

Corporate or
enterprise
governance is a term
that refers broadly to
the rules, processes,
or laws by which
businesses are
operated, regulated
and controlled.
Risk Management Component Of
GRC
 Risk Management Component Of
GRC
There are four
interconnected Risk Management and Planning
steps in
effective GRC
Processes and Risk Identification and analysis
in enterprise
risk
management : Exploit and develop risk response strategies.

Risk Monitoring
 GRC and Enterprise Compliance

Compliance is the process

of adhering to a set of • The frequent introduction of new
guidelines or rules regulation
established by • Vaguely written regulations that require
government agencies,
standards group or interpretation.
internal policies. Adhering • No consensus on best practices used for
to these compliance compliance
related requirements is a
challenge for an • Multiple regulations often overlap
enterprise because of the • Constantly changing regulations
following issues:
 GRC and Enterprise Compliance

A consistent approach on the use of compliance driven

capabilities and supporting technologies across an enterprise can
provide these potential benefit :

Reduced total cost Competitive

Flexibility
of ownership advantage
GRC and Enterprise Compliance

Scope of Compliance
Moeller (2011)
 REFERENCES
• Hunziker, S. (2019). Enterprise Risk Management Modern Approach
to Balancing Risk and Reward. Springer Gabler. Wiesbaden, Germany 
• Moeller, R.R. (2011). COSO Enterprise Risk Management:
Establishing Effective Governance, Risk, and Compliance (GRC)
Processes. 2nd edition. John Wiley & Sons Inc. New Jersey. ISBN:
9780470912881.