An accelerated rate of change, greater complexity, and increased transparency have created an avalanche of new risks and opportunities. As a result, many organizations have directed significant time and resources to governance, risk, and compliance (GRC). Having stretched their oversight capabilities to the breaking point, some companies have had to divert attention from revenue-generating activities. Integration of the potentially dozens of oversight functions and committees duplicated across multiple departments and geographies can mean increased efficiency and the opportunity to drive improved performance.
Our perspective
A principles-based approach to integrated governance, risk, and compliance (iGRC) enables companies to take incremental steps toward achieving both risk-based resource allocation and sustainable efficiencies. Anchoring the analysis in principles and systematically evaluating how people, process, technology, and information are used to apply the principles helps management focus on what has to be done rather than who reports on it or where it occurs. Further, organizations can take gradual steps toward iGRC. By using this approach to capitalize on their best practices, companies can reallocate business unit resources to revenue-generating roles, control skyrocketing GRC costs, and make key business decisions on a risk-reward basis.
Implications
The evolution to iGRC is based on logical integration opportunities. Once an organization has defined its scope, integration can be executed along three avenues: within oversight functions, across oversight functions, or within and across business units. This approach allows companies to move toward integration in incremental steps; establishes an efficient GRC infrastructure that enables balancing of growth, risk, and return; and lets management get back to business.
