Measure Twice: Cut Once - Risk-Based Governance Pays Off

AboutMission & StructureFounders & Leadership CouncilAdvisory BoardSteering CommitteeMedia Partners/AffiliatesManagement TeamContact Us / FeedbackTechnology CouncilStandards & GuidelinesFrameworkProcess FoundationRisk Area DomainsExposure DraftsTechnology / XMLResourcesGRC illustrated seriesTopics & GroupsCase StudiesGRC360 MagazineExposure DraftsGRC SourceBlogsGRC 360° - Driving Principled Performance™GRC TechnologyOCEG Technology BlogBenchmarking SeriesAudit & EvaluationMeasurement & Metrics GuideUpcoming EventsWebinar SeriesMember to Member NetworkNews & AnnouncementsJob Postingswhy join?How Can OCEG Help Me?Benefits Overview:: Governance:: Risk Management:: Audit:: Compliance:: Ethics & culture:: Technologyjoin / upgrade now

Measurement + Benchmarking

Events + Networking

why join?

You are here :: home > knowledge network > GRC 360 online > GRC 360: Summer-Fall 2006 Issue, Getting Connected: The Partnership Of Technology and GRC > Measure Twice: Cut Once - Risk-Based Governance Pays Off

MEASURE TWICE: CUT ONCE - RISK-BASED GOVERNANCE PAYS OFF

By Michael J. Duffy

Numerous and mounting regulations place pressure on companies of all sizes to protect against financial losses, reputational damage and reduced market valuation. In today’s highly regulated business world, a strong governance, risk and compliance (GRC) management program is critical. Implementing an effective business governance framework provides visibility into the business so it can operate for maximum performance. With business governance oversight, organizations are well equipped to determine how they should operate, make decisions and respond when things do not go according to plan.

Business governance is a board-level initiative to establish a continuous process, risk-based culture centered on accountability. It must be driven into the DNA of the organization so accountability can be achieved at the process owner level where expertise exists. With management driving goals, objectives and procedures into the operations of the business; and process owners returning information, knowledge, visibility and decision support to management, execution is improved and objectives are achieved. Better control over operations increases top-line and bottom-line performance and overall valuation.

A risk-based approach is the key to implementing business governance. Risk exists in every area of every organization, regardless of size or industry. There are internal risks associated with people, processes and systems, and risks from external events. From data entry errors to natural disasters, risk is everywhere. Today’s board members take a hands-on approach to strategy and oversight. They want to understnd what affects corporate performance—the internal and external risks that can keep an organization from performing as expected. But, to date, there have been no systems that provide boards with the real-time visibility and decision support needed to monitor and effect change on the organization and ensure that results meet expectations.

Forward-looking companies have implemented proactive initiatives to identify and manage risk. While operational risk management regulations exist for some industries, thought-leading organizations are implementing such practices without being forced by a specific mandate. They want to understand the impact of risk on the business. They realize that failures in people, processes and systems, and some external events, can cost the company money. If they can model the frequency and cost of potential risks, and implement controls to mitigate the impact, companies save money.

Organizations that take a risk-based approach to business governance gain an advantage in their compliance initiatives. A number of the activities required to perform compliance—such as documenting processes, risks and controls—are the same activities that help to manage risk. By integrating risk and compliance procedures, companies can gain efficiency and reduce compliance costs by eliminating redundancy of controls and duplication of work.

For example, Sarbanes-Oxley compliance requires companies to demonstrate control over financial reporting. To comply, the organization documents financial reporting processes, identifies risks to the process, implements controls to mitigate risks and periodically tests the controls to ensure they are effective. The organization’s risk management function evaluates the same financial processes to protect against operational losses from fraud or system failures. Companies that take a risk-based approach to business governance prevent operational losses while at the same time ensuring compliance with regulations—at a reduced cost.

Extending risk management even further, organizations can leverage compliance and risk management information to affect the strategic performance of the company. Strategic performance management examines risk versus potential reward; risk can be used as a decision-making process at all levels of the business, and the company can choose the objective(s) to tackle based on the likelihood of success.

Organizations that implement a business governance strategy will improve their business processes and help drive top-line growth and greater investor confidence. With a proven strategy in place that dictates how the company is operated; an organization can demonstrate to the financial markets that it is a well-governed business worthy of consumer confidence, brand value and a higher valuation.

Michael J. Duffy is the President and CEO of Open Pages. www.openpages.com

ABOUT THIS ISSUE

Actions:

Featured In

Measure Twice: Cut Once - Risk-Based Governance Pays Off >>