Growing performance demands. Enhanced compliance and security regulations. Increasing business and operational risks inherent with competing in a global market. Amid these and other trends, the concept of governance, risk, and compliance (GRC) has become a frequent boardroom topic.
To evaluate how your company measures up against competitors consider the following:
Is your GRC dashboard integrated with performance management?
A converging view
Traditionally viewed as separate organizational silos, these disciplines today are converging to become an
integrated enterprise framework. Organizations in all industries have matured their perspectives on GRC and are expanding their initiatives to cover an integrated and enterpriselevel view of risk and compliance.
Based on standards and the work of various professional associations and regulatory agencies, we define the three key components as follows.
Governance. The culture, policies, processes, laws, and institutions that define the structure by which companies are managed. Corporate governance includes relationships among stakeholders, the board of directors, management, and organizational goals.
Risk. The effect of uncertainty on organizational objectives. Risk management involves coordinated activities to direct and control an organization toward fulfilling opportunities while mitigating the negative
consequences of events.
Compliance. The act of demonstrating adherence to external laws and regulations, as well as corporate policies and procedures. Compliance management involves the practice of coordinated activities to ensure the company stays within internally and externally mandated boundaries.
Integrated metrics to enhance decision making
An integrated GRC platform applies key risk indicators (KRIs) and key compliance indicators (KCIs) alongside
management’s key performance indicators (KPIs) to provide a dashboard of information for decision making. As a result, management gains visibility of external and internal business environments so that it can protectand grow value within established risk tolerance and legal boundaries.
West Monroe Partners’ GRC methodology covers both corporate and IT governance, enabling you to establish an effective framework for decision making and behavioral change. We align GRC elements and principles at the strategic, tactical, and operational levels, while at the same time integrating and managing the most essential processes related to a variety of activities.
A comprehensive methodology
West Monroe Partners’ GRC methodology incorporates the following activities:
Benefits—economic and otherwise
A comprehensive GRC solution guides activities throughout the governance, risk, and compliance lifecycle from the corporate to the IT levels. By doing so, it produces an array of benefits: