integrated approach to GRC is good business

Good Compliance is Good Business: The Tangible Benefits of an Integrated Approach to GRC

integrated approach to GRC is good business

Compliance professionals are often challenged with effectively making the business case for—and explaining how—an integrated approach to governance, risk and compliance translates into bottom-line financial benefits for the company.

A big part of this challenge may lie in how some professionals are trained to think about the regulatory drivers of compliance, rather than the equally compelling operational opportunities, and how that translates into making the critical points that resonate convincingly with management.

For many, it is almost a reflexive impulse to go straight to the familiar recitations of regulatory and legal requirements as the primary justification for the business processes that companies should implement to have an “effective” compliance program. This reinforces the notion that the company must undertake certain measures because the regulations say so, and, if the rules aren’t followed, there will be big fines or penalties to pay, as well as possible reputational harm.

Although having undeniable attention-getting attributes, such a singular focus can be a negative incentive in terms of influencing organizational behavior. While the legal drivers certainly are critical, these should not be the only emphasis points when communicating the operational advantages of governance, risk and compliance integration to senior executives.

Happily, there is an equally compelling message that can translate powerfully—and positively— with management: good compliance manifestly is good business.

For example, consider taking a step back from the paradigmatic way of communicating to boards about the metrics of compliance program effectiveness, such as incidents reported, risk assessments conducted and disciplinary actions taken. While essential to any holistic board presentation, a singular focus of this kind has a tendency to omit other equally important indicators of programmatic gaps, such as:

  • Disjointed operating strategies
  • Lack of effective oversight mechanisms
  • Organizational silos
  • Wasted resources and information
  • Unnecessary complexity
  • Lack of data integrity

Consider, therefore, augmenting the usual presentation of program metrics with other indicators of compliance program effectiveness, such as:

  • An aligned operating strategy
  • Effective oversight mechanisms
  • Integrated risk and control activities
  • Resource and personnel optimization
  • Streamlined business processes
  • Quality data and information

profit-increases-due-to-integrated-GRC-approachBy measuring and monitoring the operational benefits of an integrated approach to governance, risk and compliance, compliance professionals can assist management in making the critical connection between strong compliance processes and tangible business results in areas as wide ranging as revenue enhancement, reputation and brand protection, customer attraction and retention, higher profitability/lower costs, improved workforce performance, asset protection and so on. In other words, these are many of the key attributes of an effectively run business.

By keeping in mind what is important to the business bottom line, it is possible to build a more compelling a case for integrated governance, risk and compliance as a valuable enabler of the corporate strategy. Identifying the optimal marriage of compliance and operational goals requires an intelligent connection, integration and harmonization of the key activities that produce bottom line operational results. This involves gaining an understanding of current-state costs, locating redundancies, and identifying gaps and unnecessary complexities.

Having this fundamental understanding of the business can enable compliance professionals to play a crucial role in analyzing what is required to create the “new state,” including such key requirements as organizing people, process, and technology components, calculating transformation costs and projecting benefits that will capture and retain management’s attention.

A key benefit, of course, will be functioning in a productive, efficient environment in which all elements work together toward a common strategy of preventing and detecting compliance breakdowns. But there are also potential tangible benefits that directly correlate with other issues of importance to stakeholders (the business case elements mentioned earlier—e.g., revenue, reputational protection, customer attraction).

Ultimately, this is a model that assists the company to confidently take on even more upside, reasoned risk than before, because decisions are based on better information.

To summarize, some of the key benefits may include:

  • Higher quality information—integrating GRC information allows management to make more intelligent decisions more rapidly.
  • Process optimization—non-value-added activities are eliminated and value-added activities are streamlined to reduce lag time and undesirable variation.
  • Better capital allocation—identification of areas of redundancy and inefficiency allows financial and human capital to be allocated more effectively.
  • Improved effectiveness—the net effect of all the activities above means GRC activities are directed to the right people and departments.
  • Protected reputation—when risks are managed more effectively, company reputation is enhanced.
  • Reduced costs—lower costs contribute to the overall ROI gains represented by effective GRC activities.

Compliance professionals in general can advance the progress of their departments by understanding and communicating the business importance, value and ROI of effective governance, risk and compliance integration.

It’s time to take a fresh look at the usual approach. Accept the regulatory and legal case that companies must do these things, and focus on making a powerful business case for doing them, evolving a way of working that assists management in running the business better.

**********

Rob BiskupAbout the Author

Rob Biskup brings 25 years of in-depth experience in both professional services and the corporate sector to his current role as a director in Deloitte Financial Advisory Services LLP. His responsibilities comprise service as a regional leader of Corporate Compliance, Corporate Investigations and Forensic Accounting, and Foreign Corrupt Practices Act (FCPA) practice areas. In addition, he serves as the national automotive sector leader for Deloitte Financial Advisory Services.

This document contains general information only and Deloitte is not, by means of this document, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This document is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte, its affiliates, and related entities shall not be responsible for any loss sustained by any person who relies on this document.

About Deloitte
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting.

Copyright © 2011 Deloitte Development LLC. All rights reserved.
Member of Deloitte Touche Tohmatsu Limited

About the Author

Robert T. Biskup

Rob-Biskup Rob Biskup brings 25 years of in-depth experience in both professional services and the corporate sector to his current role as a director in Deloitte Financial Advisory Services LLP. His responsibilities comprise service as a regional leader of Corporate Compliance, Corporate Investigations and Forensic Accounting, and Foreign Corrupt Practices Act (FCPA) practice areas. In addition, he serves as the national automotive sector leader for Deloitte Financial Advisory Services. Rob came to Deloitte from Ford Motor Company, where he was the global head of compliance, with responsibility for compliance related activities at the parent company and 10 affiliates in 44 countries worldwide, and also served as Assistant General Counsel and Assistant Secretary. These roles in a Fortune 10 public company provided Rob with broad knowledge and experience associated with managing the complexities of crucial regulatory compliance and policy issues affecting large, international corporations. Prior to Ford, Rob practiced law with the international law firm of Sidley Austin LLP. To his columns in Corporate Compliance Insights, Rob brings extensive experience in developing and implementing corporate compliance programs and related governance structures, internal controls, monitoring, and auditing mechanisms. He also contributes deep experience with handling sensitive regulatory matters and internal investigations on behalf of management and boards, including investigations involving financial fraud and corruption. He has direct experience handling Foreign Corrupt Practices Act investigations and transactional due diligence reviews in high-risk countries around the world. Rob received a B.A. from Michigan’s University and a J.D. from Wayne State University. Rob can be contacted via email at rbiskup@deloitte.com. Rob wrote Stronger Spotlights, Larger Stages: The Expanding Role of the Chief Compliance Officer before beginning contributions to the regular column Your Risk Intelligent Enterprise™ for CCI with Henry Ristuccia and Donna Epps.

As used in this document, ‘Deloitte’ means Deloitte & Touche LLP, Deloitte Consulting LLP, Deloitte Financial Advisory Services LLP, and Deloitte Tax LLP, which are separate subsidiaries of Deloitte LLP. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting.

2 Comments

  1. Kevin Warmack
    January 25, 2012

    Throughout my 20+ year career as a compliance professional, the saying “good compliance is good business ” has been my calling card. In the financial services industry, there are hundreds of cases where firms and individuals have had to pay fines for simple failures that could have been avoided had they consulted with Compliance before making the move. Compliance persons are not “kill-joys” but our concern is that the firm should do it the right way and thereby avoid having to spend even more money because it was done wrong.

  2. Manohar Ganshani
    March 7, 2012

    Excellent ! Compliance management is no longer a part of cost center. With this perspective, it tells them how they can create a value and help enhance the bottom line of their organization. Well said, Rob.