Thursday, March 25, 2010

Survival of the most informed

KPMGImage via Wikipedia

Read a fascinating study from KPMG today - The Convergence Challenge, which is a global survey into the integration of governance, risk and compliance, originally published in February 2010. I literally wore out my highlighter as I tried to capture all the data, quotes and other material that jumped off the page to me.

For example, in the opening foreward they write, "...Fearful of both business failure and the penalties of non-compliance, many organizations have reacted by swelling their GRC departments. This has lead to a costly and complex web of often uncoordinated structures, policies, committees and reports, creating duplication of effort. Worse still, GRC has lost sight of its prime objective: to improve performance and efficiency. In short: the solution has become part of the problem! (my emphasis)

In recent years, internal auditors, risk officers, compliance offivers and information technology chiefs have begun to work together more closely, finding commonality between disparate GRC projects. Some organizations even formed GRC committees..."

I have seen first-hand at numerous client sites this scenario playing out. Departmental/Organizational silos are being struck down by foreward thinking leaders, because they know the value that is derived when GRC is done right. When we are able to share EthicsPoint's vision for GRC with organizations that have reached this stage of maturity, magical moments happen. The energy in the meeting ratchets up, and we get into really fruitful conversations on how value is created through these programs. As Oliver Engels, the European Head of GRC for KPMG in England states, "GRC convergence is an idea whose time has come. It is not simply a technology tool; it is a way to rationalize risk management and controls, giving management the information they need to improve business performance and achieve compliance."

Some other interesting statistics from the survey:
  • 64% of respondents say GRC convergence is a priority for their organization
  • 78% agreed strongly or slightly with the statement,"We see compliance encompassing internal policies, not just external rules and legislation."
  • 59% believe the ability to identify and manage risks more quickly is among the main benefits of convergence
  • 33% list improved corporate performance among the main benefits
What strikes me is that while accurately determining ROI on GRC activities is extremely difficult (how do you put a price on what doesn't occur?), so many leading companies inherently understand that GRC requires doing more than the minimum required, and by taking a proactive, enterprise approach, benefits accrue to their organization. Yet these companies are in the minority - silos still exist in most companies, and many see GRC as an expenditure as opposed to a benefit (just 34% see resources expended for GRC as an investment rather than a cost). When considered in conjunction with Ethisphere's data that Ethical companies outperform their peers and the general market, I do wonder why the momentum and pace of convergence isn't even faster?

Reblog this post [with Zemanta]


1 Response to "Survival of the most informed"

Dennis Muscato said... March 27, 2010 at 11:23 AM


I like reading your blog and insights.

Your comment on seeing GRC as an investment triggered something you might value. I led benchmarking and stakeholder relations programs in CSR for a decade to provide business insights on CSR investment strategies and risks. My Fortune 10 company is a recognized global leader in CSR.

I value your interest in benchmarking and trend reports, and especially how to create greater leadership adoption globally. Understanding and communicating the value propostion for GRC to executives is important. They weigh limited and changing financial, resource investments across the enterprise as an ongoing activity.

How best then to educate executives and managers across the enterprise on the value proposition of GRC is critical.

Here is education, that properly developed and presented, can help executives understand and weigh priorities for investment. Maybe increase that 34% you highlighted.

One of the working groups I belonged was GEMI who had the question about the value proposition for EHS. Take a look at on pages 5, 9 and 10 from GEMI report below. These slides illustrate simple ways to communicate tangible and intangible EHS value steams for stakeholders. Many apply to GRC specifically.

So, a project to learn what leading firms use to communicate tangible and intangible value of GRC might be beneficial to help everyone. To see GRC as an investment in light of costs.

Maybe this is done already, but thought I would share.

Thanks Bill

GEMI Clear Advantage Report - Building Shareholder Value.

Dennis Muscato
Business Relations and Development Professional
"Encourage one another to do what is good, honoring, and noble"

Post a Comment