Image via Wikipedia
For example, in the opening foreward they write, "...Fearful of both business failure and the penalties of non-compliance, many organizations have reacted by swelling their GRC departments. This has lead to a costly and complex web of often uncoordinated structures, policies, committees and reports, creating duplication of effort. Worse still, GRC has lost sight of its prime objective: to improve performance and efficiency. In short: the solution has become part of the problem! (my emphasis)
In recent years, internal auditors, risk officers, compliance offivers and information technology chiefs have begun to work together more closely, finding commonality between disparate GRC projects. Some organizations even formed GRC committees..."
I have seen first-hand at numerous client sites this scenario playing out. Departmental/Organizational silos are being struck down by foreward thinking leaders, because they know the value that is derived when GRC is done right. When we are able to share EthicsPoint's vision for GRC with organizations that have reached this stage of maturity, magical moments happen. The energy in the meeting ratchets up, and we get into really fruitful conversations on how value is created through these programs. As Oliver Engels, the European Head of GRC for KPMG in England states, "GRC convergence is an idea whose time has come. It is not simply a technology tool; it is a way to rationalize risk management and controls, giving management the information they need to improve business performance and achieve compliance."
Some other interesting statistics from the survey:
- 64% of respondents say GRC convergence is a priority for their organization
- 78% agreed strongly or slightly with the statement,"We see compliance encompassing internal policies, not just external rules and legislation."
- 59% believe the ability to identify and manage risks more quickly is among the main benefits of convergence
- 33% list improved corporate performance among the main benefits
![Reblog this post [with Zemanta]](http://img.zemanta.com/reblog_e.png?x-id=ead8f493-96b7-4bed-af56-1ff59223fe5c)
Bill,
I like reading your blog and insights.
Your comment on seeing GRC as an investment triggered something you might value. I led benchmarking and stakeholder relations programs in CSR for a decade to provide business insights on CSR investment strategies and risks. My Fortune 10 company is a recognized global leader in CSR.
I value your interest in benchmarking and trend reports, and especially how to create greater leadership adoption globally. Understanding and communicating the value propostion for GRC to executives is important. They weigh limited and changing financial, resource investments across the enterprise as an ongoing activity.
How best then to educate executives and managers across the enterprise on the value proposition of GRC is critical.
Here is education, that properly developed and presented, can help executives understand and weigh priorities for investment. Maybe increase that 34% you highlighted.
One of the working groups I belonged was GEMI who had the question about the value proposition for EHS. Take a look at on pages 5, 9 and 10 from GEMI report below. These slides illustrate simple ways to communicate tangible and intangible EHS value steams for stakeholders. Many apply to GRC specifically.
So, a project to learn what leading firms use to communicate tangible and intangible value of GRC might be beneficial to help everyone. To see GRC as an investment in light of costs.
Maybe this is done already, but thought I would share.
Thanks Bill
GEMI Clear Advantage Report - Building Shareholder Value.
http://www.gemi.org/resources/GEMI%20Clear%20Advantage.pdf
Dennis Muscato
Business Relations and Development Professional
"Encourage one another to do what is good, honoring, and noble"