The relationship among those three components is significant, and there's a real threat to companies that haven't integrated them. For example, financial-services institutions have made significant investments in risk management and compliance for people, processes, and technology. But they didn't always make sure the message reached every corner of the enterprise. The result: huge compliance failures. In other cases, management took compliance seriously and adequate risk-management policies and procedures were in place, but the companies lacked the compliance monitoring to see that policies were followed.
An integrated approach can ensure that a comprehensive risk analysis is undertaken. GRC objectives should be a key part of overall business goals and an effective operating model to protect the franchise and instill responsible business conduct. Moreover, existing resources can be leveraged and business benefits can result.
See full Article.
Posts
