Governance, Risk Management and Compliance (GRC) 101
IRM & GRC
In the first part of 2020, a great many companies around the world received a harsh reminder of the need to have plans in place for risk management. The spread of a new coronavirus, commonly known as COVID-19, has had a huge impact on businesses, from small restaurants to multinational corporations. These organizations rely on their Governance, Risk Management and Compliance (GRC) plans and procedures to ensure they survive the impact of incidents such as a pandemic.
GRC is not new. Responsible business owners have been planning for worst-case scenarios throughout time. In fact, we do it in our everyday lives. Having a backup plan for the unknown can give one a sense of comfort. But the acronym itself is young, having been coined in the early 2000s after a series of high-profile corporate financial disasters: the Enron scandal of 2001 and the WorldCom and Tyco scandals of 2002, all of which led to the Sarbanes-Oxley Act (SOX) of 2002. Although governance, risk management and compliance are not new concepts, organizations quickly realized that in today’s modern markets there was a need to bring the three practices together into a coordinated effort. This brought about the introduction of open-source GRC standards.
Let’s look at the three main concepts of GRC. Governance covers sets of rules, policies, and processes that are in place to govern corporate behavior. Risk management is that “plan for the worst” set of procedures and actions designed to help mitigate those incidents which threaten the success or marketability of a company. Compliance is ensuring that all levels of a company, from employees to departments to the company as a single entity, adhere to all applicable rules, regulations, ethics and standards. Tightening the integration of these three concepts has led to the continuing development of GRC, and now we see a proliferation of tools and software that can help make this happen. Platforms like RSA Archer and ServiceNow give organizations the power to synchronize people, information and activity across departments. It’s all about ensuring the right people get the right information at the right time so that actions can be taken quickly and efficiently to prevent damage or even disaster.
With a solid GRC plan in place, one has established clear objectives, delivered by actions and controls that have been developed with well-defined rules and regulations. These are three areas of overall risk management which, with the right tools and guidance, work in concert to help companies compete and thrive in a world impacted by today’s digital transformation. While GRC is not a single tool, its purpose is to ensure that the plans, procedures and processes across all departments are working together in the most effective way.
The successful application of Governance, Risk Management and Compliance means that a company can reduce costs, eliminate duplicate activities, and see an increase in the quality of information and the efficiency of workflows. Iceberg Networks can help you achieve these results. We have the expertise and experience to set you on the right path or to strengthen the processes you already have in place. Talk to us about how we can work together to help you build a quality GRC plan.