ten slides in ten minutes - company realities - grc


Upload: bill-graham-cpapmp

Post on 17-May-2015


DESCRIPTION

Brief look at Governance, Risk and Compliance (GRC) for a sustainable business

TRANSCRIPT

Page 1: Ten Slides in Ten Minutes - Company Realities - GRC


Ten Slides in Ten Minutes: Company Realities – Governance, Risk & Compliance [Capturing the Hearts and Minds of Prospects & Clients]

Presented by:

Bill Graham APM.APMP

December, 2013

[email protected]

Page 2: Ten Slides in Ten Minutes - Company Realities - GRC


Sustainable Business Issues

• Governance

• Risk

• Legislative

• Security:

o Internal

o External

o Physical

Page 3: Ten Slides in Ten Minutes - Company Realities - GRC


Governance describes the overall management approach through which senior executives direct and control the entire organisation. Governance activities ensure that critical management information reaching the executive team is sufficiently complete, accurate and timely to enable appropriate management decision making and actions.

Risk Management is the set of processes through which management identifies, analyses, and, where necessary, responds appropriately to risks that might adversely affect realisation of the organisation's business objectives.

Compliance means conforming with stated requirements through management processes that identify the applicable requirements (e.g. laws, regulations, contracts, strategies and policies) and prioritise, fund and initiate any corrective actions deemed necessary.

Establishment of a Sustainable Business centric GRC Framework

Source: Various

Page 4: Ten Slides in Ten Minutes - Company Realities - GRC

[Figure: triangle diagram linking G (Governance), R (Risk) and C (Compliance)]

Establishment of a Sustainable Business centric GRC Framework

Source: Various

Some companies use independent 3rd parties to undertake a first-level framework definition

Page 5: Ten Slides in Ten Minutes - Company Realities - GRC

[Figure: governance layers, Board Level, Leadership, Executive and Management, set against Structure and Processes]

• Regulations establish board responsibilities

• Ensure that the strategies support business aspirations

• Delivery of value to the business

• Mitigation of identified risks

Governance is not a spectator sport

Establishment of a Sustainable Business centric GRC Framework: Governance

Source: Sales Synthesis

Page 6: Ten Slides in Ten Minutes - Company Realities - GRC

[Figure: risk management cycle, Risk ID & Quantify (P(), $), Fragility Analysis, Action and Reporting, with Compliance and Risk Propensity set against Statutory, Economic, Social and Environs factors]

GRC Frameworks are well documented and supported

Establishment of a Sustainable Business centric GRC Framework: Risk Management

Source: Melrose Atteridge

Page 7: Ten Slides in Ten Minutes - Company Realities - GRC


Major Shifts in the Global Compliance Landscape:

• Standards bodies are tightening enforcement

• International breach notification laws

• More regulations = more (prescriptive) rules

• “Check list” approach not working any more

• Increased costs and risk, e.g. litigation over compromised data and damage to brand reputation

• More transparency = greater consequences

• Compliance is being forced to the “next level”

• Compliance is now a management issue

GRC Frameworks are well documented and supported

Establishment of a Sustainable Business centric GRC Framework: Compliance

Source: Consult to Comply

Page 8: Ten Slides in Ten Minutes - Company Realities - GRC


Compliance at the Next Level:

• Have you developed a sustainable business-centric compliance strategy?

• Do you have a consistent controls framework?

• Do you have the appropriate level of controls specific to your business?

• Can you easily articulate and defend your controls to auditors?

• Can you produce multiple reports for different purposes?

• Can you reduce repetitive manual tasks and redundant controls?

• Is compliance fully embedded in your business process?

• Are you prepared for the next round of upcoming regulations?

GRC Frameworks are well documented and supported

Source: Consult to Comply

Establishment of a Sustainable Business centric GRC Framework: Compliance

Page 9: Ten Slides in Ten Minutes - Company Realities - GRC


Compliance Mapping

[Figure: the risk management cycle reused for compliance mapping, Risk ID & Quantify (P(), $), Fragility Analysis, Action and Reporting, with Compliance and Risk Propensity set against Statutory, Economic, Social and Environs factors]

GRC Frameworks are well documented and supported

Source: Melrose Atteridge & Consult to Comply

Page 10: Ten Slides in Ten Minutes - Company Realities - GRC


The Governance, Risk & Compliance (GRC) Landscape

Source: Unknown

GRC permeates across the Business - an example of IT GRC