Importance of GRC Governance
Exhibit 3.2 shows enterprise governance concepts with an executive group in the center and their
interlocking and related responsibilities for establishing controls, a strategic framework, performance,
and accountability. The exhibit shows some of the key concepts within each of these responsibility
areas. For example, for the strategic framework, there are the elements of corporate planning and
business activities, risk management, business continuity, IT and network, and internal audit.
A strong set of enterprise-wide GRC principles and components is necessary, and an effective risk
management program is a key component of those principles. Risk management must be part of the
overall corporate culture, extending from the board of directors and all senior officers down to the staff,
so that it covers the entire organizational structure from top to bottom.
There are four interconnected steps in effective enterprise risk management GRC processes, as
shown in Exhibit 3.3 and as follows:
1. Risk assessment and planning
Adhering to these compliance-related requirements is a challenge for an enterprise and its related
stakeholders because:
• New regulations are frequently introduced
• Vaguely written regulations often require interpretation
• There is no consensus on best practices for compliance
• Multiple regulations often overlap
• Regulations are constantly changing
Exhibit 3.4 illustrates some issues an enterprise should consider as it attempts to establish its
scope and approach to GRC compliance.