Governance, Risk and Compliance framework: Context and definition

Posted by Thai Pham on

Corruption, legal entanglements and business disruptions are some of the most prominent signs of poor governance, risk and compliance (GRC) management within an organisation. However, many companies are not fully aware of GRC, its importance, definition and best practices, and would rather go with their hunch instead. This blog entry seeks to address the context for a governance, risk and compliance framework and what it really means.

Firstly, businesses need to understand why GRC has emerged, that is, the context out of which it was born. Again, it is the uncertain economy. Although the global recession is giving way to a slow recovery, the increasingly complex environment means more risks, more pressures and more challenges. Stakeholders, investors as well as the public are at an all-time high level of skepticism. They expect and scrutinise more, prompting a need for critical governance reforms within organisations.

In short, business leaders including CFOs are facing pressures to:

  • Safeguard corporate reputation and brand value
  • Satisfy high expectations of investors, regulators, employees, customers and other key stakeholders
  • Drive value and enhance performance with a strong governance, risk management and compliance framework
  • Overcome crisis while defending the business and its executives against legal enforcement, fines and disruption

Organisations have responded to these challenges in various ways. Some have adopted a piecemeal approach and addressed problems as they arise, due to limited time and resources. Others have revamped their processes, but their efforts have resulted in fragmented programmes and systems. Best-in-class companies, on the other hand, have aimed for an integrated governance, risk and compliance framework.

According to KPMG (2010), “it is a strategic approach to rationalizing risk management, controls, assurance structures and processes, and intelligent use of IT and data management structures supported by a strong organizational culture—ultimately, to deliver performance and compliance and enable enterprise resilience”.

The concept of GRC has been gaining recognition among Asia Pacific companies, with 73% of surveyed respondents claiming serious interest (KPMG, 2013). However, there are still misunderstandings surrounding what a governance, risk and compliance framework really entails. Some of the most common include:

  • To implement GRC is to buy GRC software
  • The best GRC approach is to start from scratch and replace all processes/technologies
  • To ensure GRC compliance, there should be extra bureaucratic procedures within the organisation

In conclusion, GRC is about tying strategy with risk; integrating people, processes and systems; ensuring fast and accurate data flow; and ensuring integrity and compliance.

Stay tuned for the next blog post, where we will discuss success factors of a governance, risk and compliance plan.

