Corporate Compliance Insights
GRC System Design and the Never-Ending Battle Against Ignorance, Incompetence, Unscrupulousness and Malevolence

by Jim Nortz
August 21, 2014
in Compliance

This article appeared previously in the Association of Corporate Counsel’s ACC Docket and is published here with permission from the journal.

I recently received an invitation to respond to the Open Compliance and Ethics Group’s (OCEG) GRC Maturity Survey. GRC is an acronym for governance, risk management and compliance that generally refers to systems and techniques designed to effectively govern commercial enterprises and manage operational and compliance risks. The stated purpose of the OCEG survey was to gather information regarding:

  • the level of integration of risk, compliance and performance activities and controls
  • the degree of confidence in ability to identify and manage risks and requirements
  • the use of technology to support GRC capability
  • GRC roles and organizational structures
  • metrics and measurement of capability operation and outcomes and
  • realized benefits of integrated capability and negative effects of siloed operations

I will be very interested in seeing the results, but my guess is that they will be very similar to those from a recent survey conducted by Ernst and Young, in which 67 percent of respondents indicated there was a strong need for GRC system improvement in their companies. Evidence validating this perception can be found on the front page of the Wall Street Journal nearly every day in stories about corporate scandal and risk management system failures of varying magnitudes.

If your company is one that not only feels a “strong need” for GRC improvement, but also wants to do something about it, you might benefit by taking a moment to consider the means by which you seek to enhance your firm’s ability to govern itself, manage its risks and comply with applicable rules. By “means,” I’m not referring to the GRC vendor or software system you might employ, but instead, to the three critical areas that are generally the focus of such efforts: information pipelines, dashboards and checks and balances.

Information Pipelines

Although corporate decision makers are awash in data regarding their organization’s financial performance, the same is not always true with respect to information relating to GRC system performance. Most senior managers may know their company’s projected earnings per share to the penny, but more often than not, they do not know the reliability of risk management and compliance systems their firm counts on to operate every day. These may include systems relating to such vital activities as financial controls, quality assurance, safety and environmental risk management, regulatory compliance, import/export controls, corporate policies and procedures, compliance auditing and monitoring, information security, physical security and supply chain management. Absent this knowledge, decision makers may be unaware of significant unmitigated enterprise risks, thus making it impossible for them to make reasoned judgments about the allocation of scarce resources to address system weaknesses. Time and again, we see the fruits of such ignorance in system failures that make the headlines like those that plagued JPMorgan in late 2012.

As a consequence, one of the principal means by which companies can improve their GRC performance is by building information pipelines that gather and deliver timely information to decision makers about risk management system reliability that is backed up by objective performance metrics. So, for example, in manufacturing operations where product quality is vital, company leadership should receive periodic reports regarding system reliability, as well as objective performance metrics such as parts per million defects. This will not guarantee superb product quality, but it provides leaders the information they need to effectively manage risks associated with product defects.

Dashboards

In the event you are successful in gathering data regarding GRC performance, you will likely produce more information than your company’s leadership can reasonably absorb. So, a key part of a GRC performance improvement effort must include the development of dashboards that present critical information to decision makers in a condensed format that is easily understood. The classic stoplight chart is a good example of the simplicity needed to convey meaningful information to leaders already on data overload. When presented with such a color-coded chart — where green represents “good enough,” yellow means “could use some improvement” and red means “substantial improvement required” — leaders need only focus on learning more about those areas that are red or yellow. If you are in charge of designing such dashboards, be sure to consult with those who will be using them to make sure you organize the data in a way that they would find most useful.

Checks and Balances

When contemplating the means by which you might optimize your company’s governance systems, you would do well to take into account James Madison’s tenth essay in the Federalist Papers, in which he advocated strong constitutional checks and balances by observing that: “Enlightened statesmen will not always be at the helm.” As recent history has shown, this is just as true for corporations as it is for governments. In the past two decades, we have borne witness to great companies either being destroyed or brought to their knees by leaders who were less than “enlightened.” Any GRC system improvements you seek to employ should take this basic aspect of human nature into account. Rather than operating from the unrealistic presumption that all your leaders will be talented, honest and well-intentioned, you should presume instead that a certain percentage of your firm’s leadership will be incompetent, unscrupulous or malevolent, and design your GRC systems accordingly. In so doing, look for ways in which you can build checks and balances at every level in the organization so as to detect and minimize the impact bad actors can have on your firm.

Improving information pipelines and dashboards, and installing checks and balances, are far easier said than done. If they were easy, 67 percent of companies would not think there was a great need for improvement. But it is an undertaking well worth the effort, because it is the most sensible way for corporations to both avoid catastrophe and optimize their performance over the long term.

About the author

Jim Nortz is Founder & President of Axiom Compliance & Ethics Solutions LLC, a firm dedicated to driving ethical excellence by helping organizations implement effective compliance and ethics programs. Jim is a nationally recognized expert and thought leader in the field of business ethics and compliance with over a decade of experience serving multinational petrochemical, staffing, business process outsourcing, pharmaceutical and medical device corporations. Jim spent the first 17 years of his career as a criminal and civil litigator and Senior Corporate Counsel before becoming Crompton Corporation’s first Vice President, Business Ethics and Compliance in 2003. Since then, Jim has served as a compliance officer at Crompton and for five other multinational corporations, the most recent of which was as Chief Compliance Officer at Carestream Health. Jim has extensive experience in implementing world-class compliance and ethics programs sufficiently robust to withstand U.S. Department of Justice scrutiny. Jim is a frequent guest lecturer at the University of Rochester’s Simon School of Business, RIT’s Saunders School of Business, St. John Fisher College, Nazareth College and other law schools, universities and organizations around the country. Jim writes the monthly business ethics columns for the Association of Corporate Counsel Docket magazine and the Rochester Business Journal. Jim is a National Association of Corporate Directors Fellow, a member of the International Association of Independent Corporate Monitors and serves on the Board of Directors of the Rochester Chapter of Conscious Capitalism as the Board’s Secretary and Chair of the Governance and Nomination Committee. Previously, Jim served on the Board of Directors for the Ethics and Compliance Officers Association and the Board of the Rochester Area Business Ethics Foundation.