Governance, Risk and Compliance (GRC) Resources

A collection of articles and tools to help align GRC programs

Increasing demand for board and executive accountability, ever-mounting regulatory requirements and spiraling compliance costs have combined to create an urgent imperative to improve governance, risk and compliance (GRC) processes and practices. We’ve compiled a collection of articles and tools to help you understand how an integrated GRC approach can drive business value. This GRC collection of resources is organized by topic.

Integrated GRC

Human Resources as a key strategist in the implementation and management of governance, risk management, and compliance.

Governance, risk, and compliance (GRC), is a term that is thrown about in many corporations and in the international market place. At no time in history has the importance of managing GRC in the global market place been more critical. As businesses expand into the global market place, corporations are placed under greater stress due to exposure to foreign corruption, hiring practices, cultural differences, and a sundry of other related issues have the potential to arise. This opens the door to potentially costly errors and corporate misconduct.

These challenges have created a greater need for the integration of HR functions as a key GRC strategy. Through GRC, a more systematic approach to governance occurs. In one or more issues, corporations have begun to recognize that it is generally one or more individuals who are intentionally or otherwise at the root of the GRC issues that arise. This has caused an expanding role of HR as an enterprise wide strategist who spends a great deal of time resolving GRC issues in the workplace.

Steward or Strategist?

In the past, Chief Human Resource Officers (CHROs) functioned primarily as stewards in the organization. The CHRO did not participate largely as an enterprise-wide strategist. Yet, in today’s global market place, the role of the CHRO has evolved as that of a strategist. This is largely due in part to interrelatedness of the two distinct elements in the successful HR department. These elements include a Business-Focused GRC and an HR Focused GRC. By definition the HR Focused GRC concentrates on workforce management, administration, and compliance. Business Focused GRC concentrates on the enterprise-wide issues such as reputation, market place value, and overall performance. These enterprise wide issues also include those moral and ethical dilemmas that face corporations today. Business Focused GRC also includes creating a climate and culture that encourages employees, vendors, and the entire enterprise to do the right thing for the right reasons.

HR-Focused GRC tends to be issues that affect smaller numbers of employees. An example of a micro issue could be an individual who is being sexually harassed in the workplace or an employee who is wrongfully terminated. While the Business-Focused GRC tend to be a macro focused issues that affect the entire enterprise and any shareholders. An example of this could be the theft of resources that turns into a corporate scandal. Yet, sometimes the HR-Focused GRC issue does become the Business-Focused GRC. An example of this would be the current financial disaster at AIG. The staff was authorized bonuses in the millions across the board that tarnished their reputation as they had just taken a government bailout to keep their business afloat.

Today’s GRC affects every part of the enterprise. Each one of the segments of the challenges faced has one issue in common – it is managed or operated utilizing a human component. CHROs and the HR function must use their unique knowledge, skills, and abilities to aid business leaders in the resolution of GRC issues across the enterprise.

Risk management: Are there troubled times ahead?

There are many lessons that have been learned by the current financial crisis; none more important than the importance of managing and mitigating “acceptable risk”. The staff at HW Associates has researched the issue of risk management and has proposed eight practical lessons to help organizations address perceived weaknesses in risk identification, assessment and management. The practical lessons outline methods to apply these lessons of “acceptable risk” to the global community.

Ten practical lessons and applications designed to address current weaknesses in risk management (given in no particular order):

• The various risk management systems should not be static; the systems should be adaptive.
• There must be executive buy in with senior executives leading the change from the top down.
• Within the organization, risk management must be given a higher status as an influence in the change and risk management process.
• Each corporation or organization must analyze the level of risk expertise within their working groups. This is especially important when analyzing risk level expertise in the executive corp.
• The employee value proposition (EVP) must be constructed in a manner that the incentive systems create and provide value for long-term stability and growth, not short-term profit that could potentially be lost in a volatile market system.
• Organizations need to develop systems that utilize human judgment and experience while analyzing the data that is part of the various risk models within the organizations.
• Through executive coaching, the use of stress testing and scenario planning will provide executives with appropriate tools to respond to various crisis and day to day events in the market place and organization.
• It is important to combine the various risk factors across each level within the organization’s operations. During times of economic downturns, upper management and employees should not rely too heavily upon data from external providers that have no link or contract with the organization.

Contact us for more information.

Last Updated: July 2, 2009
Source: HW Associates