Organisation Design and Implementation
Governance, risk and compliance (GRC) generally includes all of an enterprise's activities related to corporate governance and risk management, as well as compliance with regulatory requirements, internal policies and organizational control design. The complex accountabilities of GRC cut across functions, roles and responsibilities.
The unique nature of these activities raises questions about how they can be effectively and proactively managed. A fragmented control environment, unnecessary infrastructure, lack of automation, redundant requests of process owners and high audit costs are among the factors driving increases in GRC costs.
For many companies, the rate of increase in GRC costs is unknown, even as they implement more processes, frameworks and controls to mitigate their risks and comply with laws, regulations and internal policies. Lack of transparency makes it difficult to fully understand the end-to-end risk management and compliance infrastructure, including where it has been overbuilt, where redundant investments have been made and where controls may be ineffective. Focused implementation efforts can reduce costs in specific areas by as much as 30 percent, and in some cases even more.
We help companies address these management challenges by:
- Determining the current state of the internal environment. How does the organization establish the discipline for viewing, addressing and communicating risks and controls at the entity level.
- Determining the level of redundancy or omission in the responsibilities and execution of corporate functional activities for risk management and compliance. How does the organization coordinate control-requirement setting, align management and control activities, and streamline and integrate reporting around strategic, financial, operational and compliance risks.
- Rationalizing more efficient and effective controls and monitoring at the process level. How does the organization improve the quality, sustainability and cost-effectiveness of the internal control structure.
We facilitate the following focused implementation efforts:
- More clearly articulated objectives, roles, responsibilities and accountabilities, leading to more effective linkage between strategy and the design of risk management and compliance processes.
- Reduced complexity and redundancy and increased efficiency and effectiveness of entity-level oversight processes.
- Improved transparency into performance through effective metrics, measures and monitoring.
While solutions vary, the objectives are the same: to maximize the effectiveness of GRC spending, stop the spiraling increase in GRC-related costs and improve information for decision-making.