Academic journal article Management Accounting Quarterly

GRC Integration: A Conceptual Foundation Model for Success

Article excerpt

Many public and private organizations are implementing and integrating governance, risk, and compliance frameworks across multiple industries and sectors. To provide uniformity and continuity throughout an organization, these enterprise-wide frameworks place governance, risk, and compliance activities under one overarching umbrella known as GRC. These efforts are integrated strategically across an organization.

As with any new strategic initiative, however, there are difficulties in presenting and tracking the initiative's maturity as the company implements it. Key stakeholders need to know that the initiative adds value and improves the organization as it matures during its life cycle. GRC integration is also experiencing this same challenge with a similar pattern of frustration and concern. Organizations are looking for timely and practical ways to better communicate and articulate what GRC means from an organizational alignment perspective and the value and success realized during its service life cycle.

This article introduces a new GRC Conceptual Foundation Model[TM] that establishes a more timely view or snapshot of the GRC framework for presentation to key stakeholders and to those who do not practice GRC. It also will highlight how a company can use this conceptual foundation economically as a basis to measure and guide success in integrating GRC.

[FIGURE 1 OMITTED]

Before introducing the model, I will summarize the generally accepted body of GRC knowledge held by professional organizations and industry practitioners.

Overview of GRC

A critical business concept, GRC integrates a risk-based management approach that is proactive, effective, and can be used throughout an organization. It provides organizations with a uniform view of information so they can align risk management with objectives, reduce complexity, diminish inconsistencies, and harness technology for desired outcomes. Not a replacement for internal control or compliance testing, GRC goes well beyond testing to create a comprehensive framework for managing risk and improving performance. It organizes risk management efforts rather than duplicating them, which reduces overall operating costs and assists in creating a more risk-intelligent organization.

Risk management professionals know that organizations worldwide have been facing unprecedented pressure to demonstrate accountability and stewardship to control fraud and abuse as well as meet new information technology (IT) security compliance requirements. As budgets have decreased or have remained constant and companies need greater efficiency and effectiveness, the focus on accountability has changed. Organizations now focus on broader views with a more uniform outlook regarding how technology, planning, and business processes align with enterprise-wide risk, compliance, and governance, as well as where these services reside and where duplicate efforts exist.

Figure 1 illustrates a typical high-level representation of GRC and details how various organizational components interact within a GRC framework. This illustration shows that governance, risk, and compliance activities, such as enterprise risk management, internal controls, and compliance testing, can and will directly or indirectly interact with and impact other key areas within a company's strategic planning, technology, and operations components.

As a company integrates GRC, practitioners expect common outcomes. These expectations further support the implementation of GRC across multiple business sectors and industries and are the primary outcomes and key areas tracked during the life cycle and maturity of GRC. Here are a few of the most common expected outcomes:

* Enterprise-wide risk framework and common language;

* Overall focus on strategic and tactical risks to stakeholder value;

* Maintaining an enterprise-wide perspective on governance, risk, and compliance;

* Sharing information and knowledge across GRC functions;

* Unified development and investment in technology and tools for GRC functions; and

* Integration of GRC activities. …
