Wednesday, October 1, 2008

GRC Convergence - Where's the "B"eef?

Many software vendors and professional services firms are touting their ability to converge or integrate what has become a common buzzword: "GRC". For those who are unfamiliar with the term, GRC stands for Governance, Risk and Compliance. In many companies, activities related to each of these areas often overlap, leading to duplicated effort as well as excessive cost. As such, there is a true need for, and benefit to, integrating these disciplines.

However, what is often missed in this push for convergence is the need to first integrate these disciplines into the business processes themselves.  The greatest convergence benefit will be achieved when Enterprise Risk Management becomes a part of running the business, rather than a separate exercise performed by units outside of the business.  By focusing first on the "B" (the business) with the "G", "R" & "C" in mind, GRC convergence will begin to occur naturally as a by-product of the business integration efforts.  Then, when that little old lady from the burger joint comes to review your Enterprise Risk Management Program (or more likely a rating agency, regulator or auditor), you will know the answer to the most important question.  Share your thoughts and comments below.
