GOVERNANCE, RISK MANAGEMENT, AND COMPLIANCE

'Governance, Risk, and Compliance' or "GRC" is an increasingly recognized term that reflects a new way organizations focus on and manage an integrated approach to these three areas.
According to Michael Rasmussen, a well regarded industry analyst at Forrester Research, the challenge in defining GRC is that individually each term has "many different meanings within organizations. There is corporate governance, IT governance, financial risk, strategic risk, operational risk, IT risk, corporate compliance, Sarbanes-Oxley (SOX) compliance, employment/labor compliance, privacy compliance . . . you get the picture."[1]
According to Scott L. Mitchell, Chairman & CEO of the Open Compliance and Ethics Group (OCEG), "there are substantially more processes than governance, risk and compliance playing critical roles in GRC. But 13-letter acronyms rarely catch on."[2]
Typically GRC solutions are enterprise software that enables businesses to comply with legal requirements. Examples of such requirements are regulations like the Sarbanes-Oxley Act, Basel II and local requirements for occupational health and safety. Failure to meet these standards can lead to severe legal penalties or civil liability.
Initial interest in GRC was driven by the Sarbanes-Oxley Act, but GRC software requirements have changed and are now seen as a means to achieve Enterprise Risk Management, specifically to evolve from managing risk as a transaction or compliance activity to adding business value by improving operational decision making and strategic planning.
GRC software becomes the governance platform for defining, maintaining, and monitoring risk.
OCEG, a non-profit organization that provides a performance framework for integrating governance, compliance, risk management and culture, is one of the leading voices for GRC. OCEG has developed a Measurement and Metrics Guide (MMG) to assist in measuring and reporting on the performance of compliance and ethics programs. This measurement platform advocates that program objectives be aligned with and contribute to the enterprise objectives in a tangible way. In order to achieve desired program outcomes, an organization should design processes and practices that effectively measure the program on three key dimensions: effectiveness, efficiency and responsiveness.
Reveleus, a subsidiary of i-flex solutions, is the first company to issue a GRC Framework for the financial services industry, according to BobsGuide, an industry news site.[3]
Several consultancy firms have become very active in promoting best practices and tools, such as SAP GRC Access Control (formerly known as Virsa). According to Forrester research, this area has enormous growth potential for the years to come. Leaders are Axentis and QUMAS because of their thoroughness in covering the GRC space, while BWise and IBM also fall into this category with platforms that have been used for a variety of GRC purposes. Newer, more specialized firms like SECUDE Global Consulting are gaining ground due to their unrivaled expertise and close relationship to SAP.

References


1. Michael Rasmussen, "What is GRC?," Governance, Risk & Compliance Intelligentsia, Aug. 9, 2007.
2. Scott L. Mitchell, "More than Three Letters," GRC 360 Degrees: Driving Principled Performance, Aug. 24, 2007.
3. BobsGuide, "Reveleus Unveils the First Governance, Risk and Compliance Framework for the Financial Services Industry," Jan. 31, 2007.

