Why every organization must be ready for GRC

Organizations must address the increased risks associated with geopolitical instability, globalization, aggressive growth targets, increased competition and the information explosion. Risk management has always been a core competency in financial institutions. Today, integrated enterprise-wide risk management practices are a regulatory imperative. Entrepreneurial activity and risk are not mutually exclusive. Integrated risk management is an instrument that enables informed managerial decisions and conscious acceptance of a tolerable and acceptable level of risk. Therefore, risk management as a part of corporate governance will strengthen stakeholder confidence and provide a clear sense of direction to organizations engaging in entrepreneurial activities.

Compliance has evolved from a tick-box, reactive approach to a forward-looking, proactive discipline that supports good governance. Compliance is now far broader than simply working through a list of all-or-nothing requirements, although rules-based compliance is still an important subset of overall compliance. In most cases, the compliance requirements set down in regulations or standards are maturity-driven and designed for continuous improvement over time. Market practice, benchmarks and new developments in business must be factored into the notion of compliance, given the constant changes and challenges of global business.

GRC is not an afterthought when entering into or operating a business. It is an expression of the need to protect the organization and maintain its integrity—toward external stakeholders, business partners, and internal employees and associates. Legislators with a focus on GRC represent the interests of national and international electorates and constituencies. Laws and statutes reflect a social agreement on the need for good governance. GRC regulations transform this overall agreement into sector- and industry-specific concepts. Industry associations and standards bodies provide consensus on planning, implementing and maintaining concepts relating to GRC.

Basel II and its provisions on risk management reflect the growing focus on building governance structures and frameworks in the financial services industry. The new Capital Accord reaches beyond earlier initiatives and their GRC requirements. The components and building blocks of Basel II cover a wide range of managerial and technical aspects, including challenges to information technology, security and business continuity, thus providing a sense of direction to specialist disciplines within banking and financial services organizations.

Information, the related technologies and challenges to information management are growing in importance. Banking and financial services today are increasingly reliant on complex information technology, in terms of both transacting business and exercising control. As part of GRC, one of the major imperatives is to build a bridge between core business processes and vital supporting technologies. The resulting framework for good governance in information management should not be restricted to control and compliance. The priorities of GRC must be reflected in the overall approach taken to information technology and its potential for supporting business globally.

CompliancesForum provides FREE templates, checklists, and updates for your regulatory compliance needs: Basel II Accord, Gramm Leach Bliley (GLBA), Healthcare Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standards (PCI DSS), Sarbanes Oxley Act (SOA)