The OCEG Internal Audit Guide (OIAG) can be used by:
- Internal auditors completing an internal audit of GRC Capabilities.
- Audit committee members, to gain an understanding of the means to achieve GRC objectives.
- Oversight and strategic personnel, including those charged with governance responsibilities, who need to understand the necessary and desirable components of a GRC Capability, and how to implement appropriate mechanisms within their organization.
- GRC strategic and operational professionals, such as chief compliance and ethics officers, as the Guide helps them to understand what to expect of an effective assessment program.
- Operational personnel who may be subject to GRC Capability audit, as the Guide provides useful preparatory information.
The Guide describes:
- The knowledge needed to plan and complete the audit
- Leading practice information regarding GRC
- Other useful resources that will support both efforts
TABLE OF CONTENTS
ACKNOWLEDGEMENTS
FOREWORD
EXECUTIVE OVERVIEW
EFFECTIVE GRC CAPABILITIES
INTEGRATING INTERNAL AUDIT INTO THE GRC CAPABILITY
CONDUCTING AN INTERNAL AUDIT OF THE GRC CAPABILITY
CHAPTER 1 – INTRODUCTION
CHAPTER 2 – PURPOSE OF THE GUIDE
CHAPTER 3 – THE MANDATE FOR AUDITING THE GRC CAPABILITY
There has never existed a time when having a GRC Capability was optional. From the first law creating the forms of business, there has been the need for a compliance capability that keeps the organization qualified to conduct business. From the first existence of a business as an entity, there has been the need for governance. From the first production of a good or service there has been a need for risk management. From the establishment of the first market, there has been a need for the predictability that accompanies ethical business conduct. However, the understanding of what constitutes an effective GRC Capability has certainly “hardened” over time. While management has always been responsible for executing GRC practices and the board has always been accountable for GRC practices and assessing management’s effectiveness, the level of scrutiny by the investing public and regulatory bodies has reached new levels.
Internal Audit is integral to precipitating the recognized need to redesign GRC Capabilities. In fact, when asked how respondents would change their GRC program if they could start with a blank sheet of paper, 56% indicated that they would completely overhaul the program.
The assessment of the effectiveness of the design and operation of the GRC Capability for an organization presents a prime opportunity for Internal Audit to generate benefits for the organization. By identifying the opportunities to improve GRC Capabilities, analyzing the resulting benefits and reduction of risk from improvement, and helping to rank the priority of remediation initiatives, Internal Audit partners with GRC to drive value for the organization.
CHAPTER 4 – INTEGRATING INTERNAL AUDIT INTO THE GRC CAPABILITY
CHAPTER 5 – AUDIT OBJECTIVES AND PROCEDURES
CHAPTER 6 – OTHER CONSIDERATIONS
APPENDICES
APPENDIX A: IIA INTERNAL AUDIT STANDARDS & PRACTICE ADVISORIES
APPENDIX B: REFERENCE MATERIALS
APPENDIX C: OTHER REFERENCE DOCUMENTATION AND RESOURCES
APPENDIX D: CORPORATE GOVERNANCE - A PRIMER ON PROTECTING THE EVIDENTIARY PRIVILEGES AVAILABLE TO THE ENTERPRISE
APPENDIX E: A PRIMER ON CORPORATE DUTIES