Sunder Krishnan, Chief Risk Officer, Reliance Nippon Life Insurance Company Limited
What is GRC?
GRC refers to the overall governance framework, policies, technology, control, and assurance mechanisms that an organisation has in place to manage and mitigate its risk and compliance exposures in an increasingly complex business world. GRC is a holistic approach that brings together complex and disparate risk management and compliance activities across the organization, to efficiently align them with corporate strategy and reinforce organizational culture.
For the Board of Directors of a large company, it is important to get a one-stop-shop view of integrated risks, and a robust GRC framework provides this with the help of systems, processes and technology. In recent times, several large organizations have been adversely impacted by operational risks on the Risk Management silo side and / or regulatory issues on the Compliance silo side and / or Information Security Risks, which are traditionally considered a part of Operational Risks but have now emerged as the fourth block alongside Credit, Market and Operational Risks in a BFSI (Banking & Financial Services Industry).
Need and Importance of GRC Systems
GRC has become an essential business application in organizations large and small that are looking to gain a better understanding of their business in the context of today’s evolving risk landscape, where regulatory requirements are becoming more stringent and corporate governance is in the spotlight. Risk management systems have failed in many cases due to corporate governance procedures rather than the inadequacy of computer models alone. Technology is starting to play a pivotal role in good corporate governance. Software vendors are mapping software development to purpose-built frameworks such as COSO and Basel II. Real-time reporting on the state of compliance of a division, business unit or company is priceless. Smart companies are going beyond what is required by the law, innovating new practices of their own. This sort of behavior is reaping shareholder rewards.
Organizations that are able to actively demonstrate an effective governance, risk and compliance framework can potentially create a competitive edge for themselves. These qualities have been shown to be of value to investors, who are willing to pay a premium for them and to penalize organizations that cannot meet the standards of GRC that they require.
A growing regulatory environment, higher business complexity and an increased focus on accountability have led enterprises to pursue a broad range of governance, risk and compliance initiatives across the organization. However, these initiatives are uncoordinated in an era when risks are interdependent and controls are shared. As a result, these initiatives get planned and managed in silos, which potentially increases the overall business risk for the organization. In addition, parallel compliance and risk initiatives lead to duplication of effort and cause costs to spiral out of control. A Governance, Risk, and Compliance process, through control, definition, enforcement, and monitoring, has the ability to coordinate and integrate these initiatives.
Uncertain times and a volatile economic climate have contributed to an expanding focus on corporate governance, risk, and compliance (GRC) across all industries. While some companies have met their risk and compliance challenges head-on with insightful business strategies and powerful technology solutions, many are still struggling to reconcile traditional approaches and legacy systems with the rapid pace of change.
The intensity of change in today’s business environment requires new & innovative ways of thinking about risk management.
Combining robust analytics with mobility can take the effectiveness of your GRC program to the next level. Having the right data, and then being able to act and make decisions in a timelier manner, can empower decision makers, thereby increasing their effectiveness.
Benefits of Taking an Integrated GRC Approach
Many organizations find themselves managing their governance, risk and compliance initiatives in silos: each initiative is managed separately even if reporting needs overlap. It is critical that a GRC solution be able to address a wide range of compliance and risk management initiatives, so that an organization can leverage GRC to deploy a consistent framework across the organization for compliance and risk management.
By taking an integrated, enterprise-wide management approach, governance, risk and compliance can actually be turned into a profit-centre.
For any enterprise-wide Governance, Risk and Compliance Management System to be effective, though, it must deliver a single, integrated management strategy across the whole organisation, be in harmony with the organizational or business goals, and drill down into everyday business processes.
This approach provides a framework that immediately saves money, eliminates duplication and introduces increased efficiency and productivity into the business. This framework coordinates all areas, from health and safety and employment legislation to high-profile regulatory compliance areas such as Sarbanes-Oxley and Basel II. It should also integrate with key market-specific directives such as MiFID (Markets in Financial Instruments Directive) in the financial services industry.
Integrated GRC ensures that all organizational stakeholders have a clear understanding of what decisions need to be made, who should make them, and when. This eliminates confusion and uncertainty, two of the greatest threats to teamwork and the ability of teams to work well together.