5 Principles for Effective GRC Programs

French Caldwell of Gartner challenges the conventional wisdom that Governance, Risk and Compliance (GRC) programs are simply cost centers rather than value creators. Until recently the focus has been on maintenance, but Caldwell argues that, when managed correctly, GRC delivers tangible business value.

In the new ‘ab’normal, agile players will align their enterprise risk management with both corporate performance and regulatory risk. This means combining the optimization of financial performance, employee engagement, productivity and supplier management with enhanced compliance and mitigation of regulatory risk.

There are many technologies and service providers available to help a company reach this goal, but the bottom line is that to achieve value-added enterprise GRC, companies need four things:

  1. More Analytics
  2. More Integration with More Automated Monitoring of Risks and Controls
  3. More Content
  4. More Services

Once you’ve decided that you want to get value out of GRC, Caldwell suggests using five architectural principles for building or enhancing your program:

  1. Simplicity
  2. Effectiveness
  3. Alignment
  4. Accountability
  5. Consistency

For a detailed breakdown of these principles, please check out the NYSE/Gartner webinar on Enterprise Risk.
