Governance, risk, and compliance (GRC) represents a critical business concept that is (or should be) on the minds of everyone responsible for leading and/or governing organizations in today’s complex business arena, according to the lead article in the most recent edition of Tone at the Top, published by the Institute of Internal Auditors.
According to the Open Compliance and Ethics Group (OCEG), GRC is a system of people, processes, and technology that enables an organization to accelerate risk-intelligent decisions, improve organizational agility, and reduce system costs.
OCEG’s GRC Achievement Awards honor organizations that are exemplary in integrating governance, risk management, and compliance. The 2010 awards recognized the efforts of six leading companies:
- Best Buy — Using social media to stimulate dialogue on ethical issues, Best Buy has an ethics blog that is especially popular among its younger workers and customers.
- Capital One — By simplifying and standardizing risk management processes throughout the enterprise, Capital One has enhanced its system of internal control and achieved an increased level of comfort and assurance.
- Carnival — Even in its globally decentralized environment, Carnival successfully integrated GRC, which resulted in greater balance and corporate autonomy, as well as enhanced internal control.
- DIRECTV — After addressing the inherent risks and challenges of spreadsheet data management, DIRECTV implemented entity-wide methods and programs designed to standardize the use, maintenance, and sharing of spreadsheets.
- Tawuniya — By linking GRC and performance management, Saudi Arabia’s leading general insurance agency created a corporate culture of effective risk management.
- VISA — By consolidating more than 3,400 requirements into a system that supports focused analysis, analytics, and assurance, VISA implemented a holistic, enterprise-wide approach to risk management.