Ten Slides in Ten Minutes: Company Realities – Governance, Risk & Compliance [Capturing the Hearts and Minds of Prospects & Clients]
Presented by:
Bill Graham APM.APMP
December, 2013
Sustainable Business Issues
• Governance
• Risk
• Legislative
• Security:
o Internal
o External
o Physical
Governance describes the overall management approach through which senior executives direct and control the entire organisation. Governance activities ensure that critical management information reaching the executive team is sufficiently complete, accurate and timely to enable appropriate management decision making and actions.

Risk Management is the set of processes through which management identifies, analyses and, where necessary, responds appropriately to risks that might adversely affect realisation of the organisation's business objectives.

Compliance means conforming with stated requirements through management processes that identify the applicable requirements (e.g. laws, regulations, contracts, strategies and policies) and prioritise, fund and initiate any corrective actions deemed necessary.
Establishment of a Sustainable Business centric GRC Framework
Source: Various
[Diagram: the three elements of the GRC framework, labelled G, R and C]
Some companies use independent 3rd parties to undertake a first-level framework definition
Governance
[Diagram: board-level leadership and executive management, with the labels Structure and Processes]
• Regulations establish board responsibilities
• Ensure that the strategies support business aspirations
• Delivery of value to the business
• Mitigation of identified risks
Governance is not a spectator sport
Source: Sales Synthesis
Risk Management
[Diagram: risk management diagram with the labels Risk ID & Quantify, Fragility Analysis, Action, Reporting, Compliance and Risk Propensity; P() and $; Statutory, Economic, Social and Environs]
GRC Frameworks are well documented and supported
Source: Melrose Atteridge
Compliance
Major Shifts in the Global Compliance Landscape:
• Standards bodies are tightening enforcement
• International breach notification laws
• More regulations = more (prescriptive) rules
• “Check list” approach not working any more
• Increased costs and risk, e.g. litigation for compromised data; brand reputation
• More transparency = greater consequences
• Compliance is being forced to the “next level”
• Compliance is now a management issue
Source: Consult to Comply
Compliance at the Next Level:
• Have you developed a sustainable business-centric compliance strategy?
• Do you have a consistent controls framework?
• Do you have the appropriate level of controls specific to your business?
• Can you easily articulate and defend your controls to auditors?
• Can you produce multiple reports for different purposes?
• Can you reduce repetitive manual tasks and redundant controls?
• Is compliance fully embedded in your business process?
• Are you prepared for the next round of upcoming regulations?
Source: Consult to Comply
Compliance Mapping
[Diagram: the risk management diagram repeated under the heading Compliance Mapping, with the labels Risk ID & Quantify, Fragility Analysis, Action, Reporting, Compliance and Risk Propensity; P() and $; Statutory, Economic, Social and Environs]
Source: Melrose Atteridge & Consult to Comply
The Governance, Risk & Compliance (GRC) Landscape
Source: Unknown
GRC permeates the whole business: an example of IT GRC