3 Steps to develop a reassuring GRC infrastructure within the organization.

GRC offerings should address the need of its divisions and subsidiaries to comply with government regulations. This workshop will provide techniques to enhance the GRC management capabilities through automation and optimization of processes, record keeping, reporting, and disclosures. The GRC project must ensure that even the most diversified organization can identify the GRC crevices from the GRC gaps.

  • Step1. Methodology
    • Define the individual elements and overarching goals of GRC implementation ('my G is your R which is corporate C'?) and map them to the needs of each division.
    • Determine the GRC landscape. Document and prioritize the volume of corporate information, regulations, policies, controls and the GRC groups that have to be involved across the organisation.
    • Determine the (most) logical entry point as a pilot and develop a phased approach to all the divisions, subsidiaries in the GRC scope based on a business case that focuses on creating both short-term and long-term value to the enterprise.

  • Step2. Qualify the GRC services and IT specifications and solutions to fit the organization
    • Each of the GRC charter essentials have to be discussed with management. Based on the agreement and issues and items incorporated in the business case, provide assurance to ensure alignment of GRC activities across the organization.
    • GRC solution development and management support for the divisions and subsidiaries is to approve, align and decide the GRC policies, programs, and implementation. Thereafter validate the GRC reports and process improvement proposals
    • Develop recommendations for management regarding risk reporting feedback and improvements to the GRC/ERM staff.
    • Prepare 'standard reports' to help and develop recommendations for Executive Management on governance, risk appetite/tolerance levels and compliance.

  • Step3. Sample Deliverables. The GRC Center of Excellence (CoE) project will provide deliverables to align the current hot GRC business drivers within the organization.
    • Conduct on-site GRC knowledge sharing meetings to bring out major hot buttons and opportunities, especially when they are given a chance to vent.
    • Develop GRC presentations and sales kits for major GRC initiatives – Standard templates can be modified for industry and client specific opportunities and fairly short notice.
    • Conduct an annual GRC summit to align GRC business drivers with a defined GRC focus – This is a great means to network and develop strategic initiatives and campaigns.
    • The GRC learning/implementation curve/ process should provide the basis of preparing a GRC roadmap for the organization and push it to the required management level for decisions.