
Governance, Risk and Compliance (GRC) Framework

Three Elements of Governance, Risk and Compliance Process
• Governance is the oversight role and the process by which companies manage and mitigate business risks.
• Risk management enables an organization to evaluate all relevant business and regulatory risks and controls and monitor mitigation actions in a structured manner.
• Compliance ensures that an organization has the processes and internal controls to meet the requirements imposed by governmental bodies, regulators, industry mandates or internal policies.
Governance:

• With an increase in activism among shareholders and increased scrutiny from the regulatory bodies, corporate boards and executive teams are more focused on governance related issues than ever before.
The Elements of Governance Process Within the Organization

• Definition and Communication of Corporate Control
• Key Policies
• Enterprise Risk Management
• Regulatory and Compliance Management and oversight (e.g. compliance with ethics and options compliance as well as overall oversight of regulatory issues)
• Evaluating business performance through balanced scorecards, risk scorecards and operational dashboards
Risk Management:
• With the recent jump in regulatory mandates and increasingly activist shareholders, many organizations have become sensitized to identifying and managing areas of risk in their business: whether it is financial, operational, IT, brand or reputation related risk. These risks are no longer considered the sole responsibility of specialists.
• Executives and the boards demand visibility into exposure and status so they can effectively manage the organization’s long-term strategies.
Compliance:
• An initiative to comply with a regulation typically begins as a project as companies race to meet deadlines to comply with that regulation.
• However, compliance is not a one-time event – organizations realize that they need to make it into a repeatable process, so that they can continue to sustain compliance with that regulation at a lower cost than for the first deadline.
• The compliance process enables organizations to make compliance repeatable and hence enables them to sustain it on an ongoing basis at a lower cost.
Why GRC is Important Now?
The GRC Process
Benefits of Taking an Integrated GRC Approach
• Have a dramatic positive impact on organizational effectiveness by providing a clear, unambiguous process and a single point of reference for the organization
• Eliminate all redundant work in various initiatives
• Eliminate duplicative software, hardware, training and rollout costs as multiple governance, risk and compliance initiatives can be managed with one software solution
• Provide a “single version of the truth” available to employees, management, auditors and regulatory bodies
End
