Thursday, December 10, 2009

Introduction to Governance, Risk and Compliance (GRC)

What is Governance, Risk and Compliance (GRC)?


GRC is an acronym for Governance, Risk and Compliance. The need to gain investor confidence, together with the continuous rollout of regulations and legislation that bear on how business is conducted, can be regarded as the drivers of GRC.

These three concepts are closely related and should not be approached in isolation, but as a holistic concept that drives business activities. I do not intend to explain these concepts in detail in this post. The intent of this post is to define these concepts, especially as they apply to business processes.

Governance
The G in GRC is for Governance. Governance revolves around the policies, principles, procedures and strategies within which a corporation operates. That is to say, governance is the definition of the standards and strategies that guide the operation of a business entity; it concerns the direction of the affairs of a business. The responsibility for governance lies, to a large extent, with the executive committee or top management of an organization.

Risk
The R in GRC is for Risk. Risk is essentially the uncertainty of an event occurring. The event need not be unfavorable; it is the ambiguity of its impact that makes risk important to manage and control. Failing to respond properly to risk can spell doom for an organization. Risk management involves a set of activities that includes identifying, analyzing, responding to and monitoring risk.

Compliance
The C in GRC is for Compliance. Compliance is simply adhering to defined policies, procedures, strategies, legislation and regulations. Compliance is an action, and it is of course ongoing. Defining policies and procedures is not enough; compliance is what actually justifies their existence.


Governance is a “top management” activity that defines the rules guiding the day-to-day running of a company. These procedures and policies are not static, because businesses are themselves dynamic and legislation and regulations change, affecting the way businesses run. In doing business, individuals and organizations are expected to comply with the defined procedures and policies within the framework allowed. There are inherent risks involved in carrying out business transactions, and risk management entails the enforcement and implementation of procedures and policies. The cost of non-compliance is huge and grave, both for the investor and for the organization.

Doing business in this era of stringent legislation, stiff competition, credit crunch, global economic recession, globalization and an unfavorable investment climate is a complex puzzle for any corporation to unravel. Hence, for companies to compete favorably, it is expedient to adopt an integrated approach to governance, risk and compliance.
