
GRC: Come Together, Right Here, Right Now—Part 2


This is Part 2 in the three-part blog series “GRC: Come Together, Right Here, Right Now.”

Previously I spoke about a recent KPMG report, “The Convergence Challenge,” and how risk and compliance management are becoming more integrated – and integral – to the entire business enterprise. One of the more startling statistics from that report was that the majority of organizations are not aligning their risk management activities with their overall business strategies, but the trend is slowly changing. One reason for this convergence is that organizations are seeing the benefits of implementing tools that integrate and analyze their compliance-related data, which includes policy and training management as well as incident management and remediation activities.

Anticipating risks is also part of the balance. But identifying enterprise-level trends can be difficult across disparate sources. For example, the KPMG report says that when respondents were asked to rate their organization's ability to anticipate and measure emerging risks, only 37% thought their companies did a good job. That's a scary number, and it should make business leaders rethink their company's risk profile and the ways in which they guard against risky activity in the first place.

Effectively anticipating and managing risks starts with building an ethical culture. It's a proven way to head off risk potential before it gets out of control. A comprehensive code of conduct, clear and guiding policies, consistent and active communication, and training all help employees stay accountable for their behavior and aware of potential risks. Tracking employee attestations, identifying correlations between incidents and policies, and regularly reviewing and updating those policies are all part of the GRC integration equation.

As your company grows, you also have to ensure that your understanding of the increased potential risks grows, too. Those expanding internationally need to be aware of international regulations – the FCPA, UK Bribery Act, and EU data privacy legislation, and events that may have ripple effects such as the Greek economic crisis, Japanese earthquake, political tension in the Middle East, etc.

Risk assessments and surveys are useful methods for gauging and managing risk against the organization's risk appetite. Risk scoring is used to illustrate the likelihood and impact of potential compliance-related risk. This helps show how policies are linked to risk and makes task accountability visible as it relates to risk mitigation and reduction. If managed properly, risk doesn't have to be something to fear, and you can even put it to use for you. As Cristina Tate, Director of Enterprise Risk Management at HP, says, "Risk is present whether you acknowledge it or not, but if you acknowledge it, then you can take advantage of the opportunities and make better decisions by understanding the whole picture."

Next time, I want to talk more about how an ethical company culture must be communicated from the top. GRC is more than just complying with regulations: it's about complying with what a company deems acceptable behavior.

About the Author

Jimmy Lin, VP, Product Management & Corporate Development. Jimmy leads corporate and product strategies for The Network's Integrated GRC Solutions. He has over 14 years of experience in and around software and technology, from implementing software to analyzing new markets and leading product strategies. Jimmy is a Certified GRC Professional (GRCP).
