We’ve all hear the old adage “what gets measured gets done” and this applied equally to GRC management actions and controls, which must be reviewed for operational effectiveness.Beyond that, we must consider that changes to the external and internal context may render our current actions and controls ineffective, so we must review the designs we have put in place. When operational effectiveness is poor, or context changes are significant, the organization must redefine acceptable actions and controls or reconsider and refine its objectives and strategies. We should be asking ourselves:
How can we best monitor and measure the performance of all defined actions and controls?
When and where should we establish feedback loops and “lessons learned” assessments?
What steps do we take to improve design and operations of actions and controls?
Are we able to provide assurance to governing authorities about the design and operating effectiveness of actions and controls and their contribution to the achievement of objectives?
These are just some of the questions that we will address in this webcast, which focuses on the “Review” component of the new GRC Capability Model 3.0 (Red Book).
Join OCEG, The IIA and ACL, sponsor of the fourth installment in the GRC Capabilities Illustrated infographic series, as we discuss how to review and ensure design and performance of GRC capabilities.
Sergiu Cernautan, Director, GRC Strategy, ACL
Jim Pelletier, Vice President, Professional Solutions, The Institute of Internal Auditors