cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
ADamelincourt
Retired

Root Corporate Governance into Business OperationsThis means that to be effective, a GRC framework must rely on two things:

  • A detailed representation of the processes which will allow for a more precise identification and assessment of the potential threats to your company. The same risk will not have the same impact when considered in two different processes or entities. In terms of assessments, context is everything.
  • Direct involvement of business users: GRC departments rely on feedback from operations. Only business users have the insight into their risks, so it is crucial to gather their input as directly and as thoroughly as possible.

Rooting your GRC framework into the very fabric of your operations all the way down to the day-to-day processes will accomplish these benefits:

  • Better assessment of risks and controls because the context will be taken into account, making for more precise evaluation, better identification of potential issues and, ultimately, better management of risks for that process.
  • The impact of risks and controls on the operational performance of processes can be considered. Once again, risks do not exist in a vacuum; they impact the ability of a process to reach its goals. By studying risks at the operational level, the performance implication of risks can be measured.
  • Business users, such as process owners, will be directly involved in the GRC process. Not only will they be able to deliver relevant input about the risks and controls in their process, it will also increase the accountability level throughout the company with risk and control responsibilities in each process being clearly established.

Rooting your Corporate Governance into your business operations is a good way to ensure that your GRC departments work effectively and deal with the risks the company is actually facing, not their abstract definition. Involving process owners and using a detailed representation of the company to map and assess risks are not nice to haves, they are a necessity.

For further reading, you may want to check out our brochure Implement Corporate Governance throughout your operations