SlideShare uma empresa Scribd logo

ERM v GRC: An Introduction

S
s0P5a41b
NegóciosEconomia e finanças
1 de 5
Baixar para ler offline
1 Enterprise Risk Management vs Governance-Risk-Compliance: An Introduction Enterprise risk management (ERM) and governance-risk-compliance (GRC) are fledgling industry categories, having only been recognized for approximately ten years. As such, there are many conflicting views even within industry circles on the scope of ERM v GRC practices. Further, ERM and GRC processes and software may be incorporated as methodologies or modules into related domains such as business intelligence (BI) and enterprise resource planning (ERP). Make Sence Florida, Inc. recognizes a clear distinction between ERM and GRC. ERM vs GRC In the current understanding of governance, risk and compliance (GRC) within an enterprise, GRC is a holistic methodology enabling a top-down approach to enterprise governance, risk and compliance. The ideal implementation of GRC is believed to result in a trickle-down indoctrination of corporate risk attitudes from the executive level to the enterprise front lines. The current reinforcing understanding of enterprise risk management (ERM) within an enterprise is that ERM is a useful rib in the protective umbrella that is GRC. ERM is viewed as a risk-centric methodology that utilizes source data collected into risk databases to provide risk reporting to enterprise divisions. The ideal implementation of ERM is believed to ensure an effective enterprise response that acts to mitigate or eliminate risks to enterprise assets and objectives as prioritized within the GRCendorsed model. These views of GRC and ERM are fantasies. In fact, genuine ERM is a disciplined, scientifically approached risk-driven methodology that utilizes enterprise risk data to inform governance and compliance policy. When implemented properly, ERM will effectively minimize risks to enterprise assets and objectives. In contrast, GRC is a fiat-driven regulation and compliance-facing, management and governance pseudoscience designed by and for largely bureaucratic objectives. GRC may poorly align with facts and realities of a particular enterprise’s actual risk environment. GRC currently pulls from ERM resources to validate GRC-endorsed business processes and functions. The power that GRC is currently accorded over ERM ignores a vital truth: Risk management is the most important discipline that must be mastered by an enterprise. COPYRIGHT 2O12 MAKE SENCE FLORIDA, INC. ALL RIGHTS RESERVED. DISTRIBUTION WITHOUT WRITTEN PERMISSION OF MAKE SENCE FLORIDA, INC IS PROHIBITED
2 Figure 1.1 Current Industry Snapshot of GRC: G+C Driven REGULATION Law, Government Entities and Audits [external] MANAGEMENT [internal] communication priorities priorities Governance and Compliance [defines risk requirements] GRC-Defined Requirements Enterprise Risk Subjective Risk Data ERM As seen in Figure 1.1, management and regulatory bodies act on governance and compliance divisions, which then set and prioritize risk issues to be addressed by ERM divisions. ERM divisions evaluate any identified risks and then inform governance and compliance divisions as to the range of risks and mitigating procedures for those risks. This information is then passed along by GRC back to management and regulators. Management is then expected to formulate strategies and make decisions based upon this information. Despite popular belief in the risk-centric nature of GRC, GRC’s actual interests in real business environments are vastly different. Governance and compliance functions are aimed at satisfying federal and state regulators as well as external auditors. This GRC focus is primarily driven by executive aversion to the penalties and consequences imposed by regulators and boards of directors if regulations and policies are breached. The scope and volume of risk reports generated by GRC are intended to insulate executive and line management from the consequences of adverse events, regardless of actual culpability. When external entities and governance, compliance and management entities make inquiries, the reports are produced to prove that the laws and regulations were followed to the letter. Under a dominant GRC regime, risk profiles and mitigation procedures may not cover the actual risk landscape in which the enterprise operates. Governance and compliance divisions may not understand that entire risk landscape, but still seize responsibility for formulating the scope of risk requirements. COPYRIGHT 2O12 MAKE SENCE FLORIDA, INC. ALL RIGHTS RESERVED. DISTRIBUTION WITHOUT WRITTEN PERMISSION OF MAKE SENCE FLORIDA, INC IS PROHIBITED
3 Risk management divisions receive poorly defined requirements and duly deliver muddled data sets. Subsequent evaluations derived from risk reports may underrate critical risk issues that threaten actual corporate interests, and overrate risks that appear to have greater impact on favored corporate policies. The policies based upon evaluations are biased or distorted in favor of bureaucratic concerns. These distorted policies are then propagated throughout an entire organization. When adverse risk events occur, mitigation procedures are found to be ineffective and result in high impact consequences. Ensuing internal investigations are hampered by the inability to properly identify risk owners. In an organizational failure, no single division is found to hold ownership of either process or risk. The limited latitude allowed to ERM divisions to objectively assess the domain of risk creates gaps in enterprise risk intelligence. These deficits can result in poor decision-making, adverse risk events and potential loss of enterprise reputation, revenue and market share. Corrected Risk-Driven Model Figure 1.2 All Enterprise Risk new risks to be re-evaluated ERM Assessed risks synthesized actions Governance and Compliance communication REGULATION Law, Government Entities and Audits [external] communication communication MANAGEMENT [internal] ERM is commonly viewed as a part of GRC. It should not. Risk acts as a force on all enterprise inputs, outputs, processes and assets, and is therefore pervasive throughout an enterprise. When ERM best practices are in place, they require that governance, compliance, management and regulatory concerns do not define enterprise risk aptitude but instead adapt risk aptitude to align with real world threats. Risks, whether external or internal, can act on any breach point of an enterprise. Wherever the primary breach point may be, it is the role of embedded risk teams that specialize in risk disciplines to assess and report risks to a centralized ERM. As seen in Figure 1.2, ERM then formulates a risk mitigation strategy COPYRIGHT 2O12 MAKE SENCE FLORIDA, INC. ALL RIGHTS RESERVED. DISTRIBUTION WITHOUT WRITTEN PERMISSION OF MAKE SENCE FLORIDA, INC IS PROHIBITED
4 based on facts. Timely comprehensive reports are communicated to operational entities, and senior management tiers, and regulators. Using these reports, management synthesizes strategies in consultation with ERM, governance and compliance process owners. The well-constructed policies that result from such composite-build strategies are then implemented throughout the organization. Ownership of risk is clear: risk discovery, identification, assessment, reporting and response are the responsibility of a centralized ERM and its embedded specialists. In real business environments, truly holistic risk-centric enterprises require all divisions - not just governance and compliance - to adapt operations to mitigate all external and internal risks to enterprise assets and objectives, using ERM-validated assessments and responses. Shifting risk responsibility entirely to ERM ownership reduces inter-divisional workloads drastically, allowing each division to properly focus on its primary discipline. Effective communication between embedded risk specialists and centralized ERM creates clarity and increases the impact and value of enterprise risk intelligence. Further, as a historical database is built, risk intelligence is integrated into a holistic, data-driven and flexible enterprise risk framework. Such a framework supports a more comprehensive and complete knowledge of the risk landscape. With empowered ERM divisions, executive benchmarks are informed and set by the facts of enterprise risk, not pervasive misconceptions. In turn, governance and compliance divisions are able to focus solely on risk-driven policy management, regulatory compliance and audit compliance. This reinforces the conclusion that governance and compliance success flows directly from competent ERM implementation. Business and risk communities worldwide are well aware of the issues Make Sence, Inc. has identified in current GRC/ERM roles and implementations. A substantial corpus of material has been published supporting these conclusions on the misalignment of GRC and ERM in enterprise environments. Our analysis of that material is validated by recent well-documented and highly public failures of current risk practices by high profile players in critical industries. In subsequent sections of this dossier, critical issues identified in the preceding paragraphs will be examined in-depth: • • • • • • How conflicts between executive, governance, risk management and compliance tiers and the subsequent consequences of those conflicts affect enterprise functions, assets and objectives. Why successful governance and compliance flows directly from competent ERM implementation. What undesirable outcomes can occur when governance and compliance are given dominance over ERM. What impact massive data and inadequate data have on effective data gathering, and data dissemination, collection, analysis and reporting. The specific industry problems directly related to incorrect use of quantitative and qualitative methodologies will be examined. Why existing software product implementation have similar weaknesses and consequences of those weaknesses to enterprises. What is the current structure of the risk management industry, and how it contributes to the risk management issues of GRC and ERM. How the industry would be transformed by enterprise realignment to a comprehensive ERM implementation. Who are the current industry players and companies of interest. A comprehensive SWOT analysis will be used in a side-by-side assessment. COPYRIGHT 2O12 MAKE SENCE FLORIDA, INC. ALL RIGHTS RESERVED. DISTRIBUTION WITHOUT WRITTEN PERMISSION OF MAKE SENCE FLORIDA, INC IS PROHIBITED
5 • • Why a new ontology of risk is needed. A new risk ontology rationalizing the discussion of risk by academics, risk experts and industry professionals will be presented. How Correlation Technology will radically change the approach and practice to enterprise risk theory, methodology and implementation. Innovations powered by Correlation Technology will provide never-before-seen solutions to challenges presented by current GRC and ERM implementations, the limitations of existing software, and the pervasive misconception of the true nature of risk. COPYRIGHT 2O12 MAKE SENCE FLORIDA, INC. ALL RIGHTS RESERVED. DISTRIBUTION WITHOUT WRITTEN PERMISSION OF MAKE SENCE FLORIDA, INC IS PROHIBITED

Recomendados

PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...
PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...
PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...
PECB
 
GDPR and ISO27001 mapping EL
GDPR and ISO27001 mapping ELGDPR and ISO27001 mapping EL
GDPR and ISO27001 mapping EL
Eugene Lee
 
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness TrainingISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
Operational Excellence Consulting
 
ISO/IEC 27001:2005 naar ISO 27001:2013 Checklist
ISO/IEC 27001:2005 naar ISO 27001:2013 ChecklistISO/IEC 27001:2005 naar ISO 27001:2013 Checklist
ISO/IEC 27001:2005 naar ISO 27001:2013 Checklist
Lloyd's Register Quality Assurance Nederland
 
Mm iso 27001 2013 +annex a
Mm iso 27001 2013 +annex aMm iso 27001 2013 +annex a
Mm iso 27001 2013 +annex a
Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
ISO 27001 - IMPLEMENTATION CONSULTING
ISO 27001 - IMPLEMENTATION CONSULTINGISO 27001 - IMPLEMENTATION CONSULTING
ISO 27001 - IMPLEMENTATION CONSULTING
Arul Nambi
 
Roadmap ASN Kabupaten Nagekeo (Matriks hasil analisis kebijakan)
Roadmap ASN Kabupaten Nagekeo (Matriks hasil analisis kebijakan)Roadmap ASN Kabupaten Nagekeo (Matriks hasil analisis kebijakan)
Roadmap ASN Kabupaten Nagekeo (Matriks hasil analisis kebijakan)
Nanang Priyo Utomo
 
Introduction to RESILIA and Cyber Resilience
Introduction to RESILIA and Cyber ResilienceIntroduction to RESILIA and Cyber Resilience
Introduction to RESILIA and Cyber Resilience
Christian F. Nissen
 

Recomendados

PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...
PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...
PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...
PECB
 
GDPR and ISO27001 mapping EL
GDPR and ISO27001 mapping ELGDPR and ISO27001 mapping EL
GDPR and ISO27001 mapping EL
Eugene Lee
 
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness TrainingISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
Operational Excellence Consulting
 
ISO/IEC 27001:2005 naar ISO 27001:2013 Checklist
ISO/IEC 27001:2005 naar ISO 27001:2013 ChecklistISO/IEC 27001:2005 naar ISO 27001:2013 Checklist
ISO/IEC 27001:2005 naar ISO 27001:2013 Checklist
Lloyd's Register Quality Assurance Nederland
 
Mm iso 27001 2013 +annex a
Mm iso 27001 2013 +annex aMm iso 27001 2013 +annex a
Mm iso 27001 2013 +annex a
Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
ISO 27001 - IMPLEMENTATION CONSULTING
ISO 27001 - IMPLEMENTATION CONSULTINGISO 27001 - IMPLEMENTATION CONSULTING
ISO 27001 - IMPLEMENTATION CONSULTING
Arul Nambi
 
Roadmap ASN Kabupaten Nagekeo (Matriks hasil analisis kebijakan)
Roadmap ASN Kabupaten Nagekeo (Matriks hasil analisis kebijakan)Roadmap ASN Kabupaten Nagekeo (Matriks hasil analisis kebijakan)
Roadmap ASN Kabupaten Nagekeo (Matriks hasil analisis kebijakan)
Nanang Priyo Utomo
 
Introduction to RESILIA and Cyber Resilience
Introduction to RESILIA and Cyber ResilienceIntroduction to RESILIA and Cyber Resilience
Introduction to RESILIA and Cyber Resilience
Christian F. Nissen
 
ISO/IEC 27001:2022 Transition Arragements
ISO/IEC 27001:2022 Transition ArragementsISO/IEC 27001:2022 Transition Arragements
ISO/IEC 27001:2022 Transition Arragements
ISONIKELtd
 
Overview of ISO 27001 ISMS
Overview of ISO 27001 ISMSOverview of ISO 27001 ISMS
Overview of ISO 27001 ISMS
Akhil Garg
 
ISMS User_Awareness Training.pptx
ISMS User_Awareness Training.pptxISMS User_Awareness Training.pptx
ISMS User_Awareness Training.pptx
Mukesh Pant
 
Implementasi sistem informasi pada program aplikasi muhammad iqbal razif
Implementasi sistem informasi pada program aplikasi muhammad iqbal razifImplementasi sistem informasi pada program aplikasi muhammad iqbal razif
Implementasi sistem informasi pada program aplikasi muhammad iqbal razif
Iqbal Ajib
 
Sgsi vs plan director si
Sgsi vs plan director siSgsi vs plan director si
Sgsi vs plan director si
ROBERTH CHAVEZ
 
Information Security Strategic Management
Information Security Strategic ManagementInformation Security Strategic Management
Information Security Strategic Management
Marcelo Martins
 
Sk pembentukan kpprs
Sk pembentukan kpprsSk pembentukan kpprs
Sk pembentukan kpprs
Bagus Novariyanto
 
My Gap analysis results between ISO27001: 2022 and 2013 version as of 2022 fall.
My Gap analysis results between ISO27001: 2022 and 2013 version as of 2022 fall.My Gap analysis results between ISO27001: 2022 and 2013 version as of 2022 fall.
My Gap analysis results between ISO27001: 2022 and 2013 version as of 2022 fall.
Jerimi Soma
 
PPT PENINGKATAN TIM MUTU.pptx
PPT PENINGKATAN TIM MUTU.pptxPPT PENINGKATAN TIM MUTU.pptx
PPT PENINGKATAN TIM MUTU.pptx
Norainibrpane
 
ISO/IEC 27001:2022 – What are the changes?
ISO/IEC 27001:2022 – What are the changes?ISO/IEC 27001:2022 – What are the changes?
ISO/IEC 27001:2022 – What are the changes?
PECB
 
cobit 2019 presentation.pdf
cobit 2019 presentation.pdfcobit 2019 presentation.pdf
cobit 2019 presentation.pdf
mohammed539963
 
ISO 27001 - three years of lessons learned
ISO 27001 - three years of lessons learnedISO 27001 - three years of lessons learned
ISO 27001 - three years of lessons learned
Jisc
 
ISMS Requirements
ISMS RequirementsISMS Requirements
ISMS Requirements
humanus2
 
ISO 27001 How to use the ISMS Implementation Toolkit.pdf
ISO 27001 How to use the ISMS Implementation Toolkit.pdfISO 27001 How to use the ISMS Implementation Toolkit.pdf
ISO 27001 How to use the ISMS Implementation Toolkit.pdf
Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
Cobit 5 for Information Security
Cobit 5 for Information SecurityCobit 5 for Information Security
Cobit 5 for Information Security
Seto Joseles
 
Permenkes 1171 tentang sirs
Permenkes 1171 tentang sirsPermenkes 1171 tentang sirs
Permenkes 1171 tentang sirs
Gafar Hartatiyanto
 
Pemetaan risiko.pdf
Pemetaan risiko.pdfPemetaan risiko.pdf
Pemetaan risiko.pdf
PPIMitrasiaga
 
PELAPORAN INSIDEN KESELAMATAN PASIEN.pdf
PELAPORAN INSIDEN KESELAMATAN PASIEN.pdfPELAPORAN INSIDEN KESELAMATAN PASIEN.pdf
PELAPORAN INSIDEN KESELAMATAN PASIEN.pdf
MohammadRizkiFerdian2
 
BSides Algiers - Normes ISO 2700x - Badis Remli
BSides Algiers - Normes ISO 2700x - Badis RemliBSides Algiers - Normes ISO 2700x - Badis Remli
BSides Algiers - Normes ISO 2700x - Badis Remli
Shellmates
 
George, Tony, Michael - PECB Webinar 27701 Data Protection Risk Management V1...
George, Tony, Michael - PECB Webinar 27701 Data Protection Risk Management V1...George, Tony, Michael - PECB Webinar 27701 Data Protection Risk Management V1...
George, Tony, Michael - PECB Webinar 27701 Data Protection Risk Management V1...
PECB
 
Jeff kushner trends in grc management
Jeff kushner trends in grc managementJeff kushner trends in grc management
Jeff kushner trends in grc management
jpkush
 
The RSA GRC Reference Architecture
The RSA GRC Reference ArchitectureThe RSA GRC Reference Architecture
The RSA GRC Reference Architecture
EMC
 

Mais conteúdo relacionado

Mais procurados

ISO/IEC 27001:2022 – What are the changes?
ISO/IEC 27001:2022 – What are the changes?ISO/IEC 27001:2022 – What are the changes?
ISO/IEC 27001:2022 – What are the changes?
PECB
 
Cobit 5 for Information Security
Cobit 5 for Information SecurityCobit 5 for Information Security
Cobit 5 for Information Security
Seto Joseles
 
BSides Algiers - Normes ISO 2700x - Badis Remli
BSides Algiers - Normes ISO 2700x - Badis RemliBSides Algiers - Normes ISO 2700x - Badis Remli
BSides Algiers - Normes ISO 2700x - Badis Remli
Shellmates
 
George, Tony, Michael - PECB Webinar 27701 Data Protection Risk Management V1...
George, Tony, Michael - PECB Webinar 27701 Data Protection Risk Management V1...George, Tony, Michael - PECB Webinar 27701 Data Protection Risk Management V1...
George, Tony, Michael - PECB Webinar 27701 Data Protection Risk Management V1...
PECB
 

Mais procurados (20)

ISO/IEC 27001:2022 Transition Arragements
ISO/IEC 27001:2022 Transition ArragementsISO/IEC 27001:2022 Transition Arragements
ISO/IEC 27001:2022 Transition Arragements
 
Overview of ISO 27001 ISMS
Overview of ISO 27001 ISMSOverview of ISO 27001 ISMS
Overview of ISO 27001 ISMS
 
ISMS User_Awareness Training.pptx
ISMS User_Awareness Training.pptxISMS User_Awareness Training.pptx
ISMS User_Awareness Training.pptx
 
Implementasi sistem informasi pada program aplikasi muhammad iqbal razif
Implementasi sistem informasi pada program aplikasi muhammad iqbal razifImplementasi sistem informasi pada program aplikasi muhammad iqbal razif
Implementasi sistem informasi pada program aplikasi muhammad iqbal razif
 
Sgsi vs plan director si
Sgsi vs plan director siSgsi vs plan director si
Sgsi vs plan director si
 
Information Security Strategic Management
Information Security Strategic ManagementInformation Security Strategic Management
Information Security Strategic Management
 
Sk pembentukan kpprs
Sk pembentukan kpprsSk pembentukan kpprs
Sk pembentukan kpprs
 
My Gap analysis results between ISO27001: 2022 and 2013 version as of 2022 fall.
My Gap analysis results between ISO27001: 2022 and 2013 version as of 2022 fall.My Gap analysis results between ISO27001: 2022 and 2013 version as of 2022 fall.
My Gap analysis results between ISO27001: 2022 and 2013 version as of 2022 fall.
 
PPT PENINGKATAN TIM MUTU.pptx
PPT PENINGKATAN TIM MUTU.pptxPPT PENINGKATAN TIM MUTU.pptx
PPT PENINGKATAN TIM MUTU.pptx
 
ISO/IEC 27001:2022 – What are the changes?
ISO/IEC 27001:2022 – What are the changes?ISO/IEC 27001:2022 – What are the changes?
ISO/IEC 27001:2022 – What are the changes?
 
cobit 2019 presentation.pdf
cobit 2019 presentation.pdfcobit 2019 presentation.pdf
cobit 2019 presentation.pdf
 
ISO 27001 - three years of lessons learned
ISO 27001 - three years of lessons learnedISO 27001 - three years of lessons learned
ISO 27001 - three years of lessons learned
 
ISMS Requirements
ISMS RequirementsISMS Requirements
ISMS Requirements
 
ISO 27001 How to use the ISMS Implementation Toolkit.pdf
ISO 27001 How to use the ISMS Implementation Toolkit.pdfISO 27001 How to use the ISMS Implementation Toolkit.pdf
ISO 27001 How to use the ISMS Implementation Toolkit.pdf
 
Cobit 5 for Information Security
Cobit 5 for Information SecurityCobit 5 for Information Security
Cobit 5 for Information Security
 
Permenkes 1171 tentang sirs
Permenkes 1171 tentang sirsPermenkes 1171 tentang sirs
Permenkes 1171 tentang sirs
 
Pemetaan risiko.pdf
Pemetaan risiko.pdfPemetaan risiko.pdf
Pemetaan risiko.pdf
 
PELAPORAN INSIDEN KESELAMATAN PASIEN.pdf
PELAPORAN INSIDEN KESELAMATAN PASIEN.pdfPELAPORAN INSIDEN KESELAMATAN PASIEN.pdf
PELAPORAN INSIDEN KESELAMATAN PASIEN.pdf
 
BSides Algiers - Normes ISO 2700x - Badis Remli
BSides Algiers - Normes ISO 2700x - Badis RemliBSides Algiers - Normes ISO 2700x - Badis Remli
BSides Algiers - Normes ISO 2700x - Badis Remli
 
George, Tony, Michael - PECB Webinar 27701 Data Protection Risk Management V1...
George, Tony, Michael - PECB Webinar 27701 Data Protection Risk Management V1...George, Tony, Michael - PECB Webinar 27701 Data Protection Risk Management V1...
George, Tony, Michael - PECB Webinar 27701 Data Protection Risk Management V1...
 

Destaque

Jeff kushner trends in grc management
Jeff kushner trends in grc managementJeff kushner trends in grc management
Jeff kushner trends in grc management
jpkush
 
A systematic approach to pci compliance using rsa archer
A systematic approach to pci compliance using rsa archerA systematic approach to pci compliance using rsa archer
A systematic approach to pci compliance using rsa archer
Subhajit Bhuiya
 
GRC - Isaca Training 16.9.2014
GRC - Isaca Training 16.9.2014GRC - Isaca Training 16.9.2014
GRC - Isaca Training 16.9.2014
Paul Simidi
 
20120717 baker boundaries for business architecture v3
20120717 baker boundaries for business architecture v320120717 baker boundaries for business architecture v3
20120717 baker boundaries for business architecture v3
David Baker
 
Strategic Architecture
Strategic ArchitectureStrategic Architecture
Strategic Architecture
David Baker
 
Creating a Culture of Operational Discipline that leads to Operational Excell...
Creating a Culture of Operational Discipline that leads to Operational Excell...Creating a Culture of Operational Discipline that leads to Operational Excell...
Creating a Culture of Operational Discipline that leads to Operational Excell...
Wilson Perumal and Company
 
MEGA Webinar - PwC - Baker/Tong - EA & GRC, Separated at Birth
MEGA Webinar - PwC - Baker/Tong - EA & GRC, Separated at BirthMEGA Webinar - PwC - Baker/Tong - EA & GRC, Separated at Birth
MEGA Webinar - PwC - Baker/Tong - EA & GRC, Separated at Birth
David Baker
 
Business Driven Architecture for Strategic Transformation
Business Driven Architecture for Strategic TransformationBusiness Driven Architecture for Strategic Transformation
Business Driven Architecture for Strategic Transformation
David Baker
 

Destaque (18)

Jeff kushner trends in grc management
Jeff kushner trends in grc managementJeff kushner trends in grc management
Jeff kushner trends in grc management
 
The RSA GRC Reference Architecture
The RSA GRC Reference ArchitectureThe RSA GRC Reference Architecture
The RSA GRC Reference Architecture
 
FixNix GRC suite
FixNix GRC suiteFixNix GRC suite
FixNix GRC suite
 
A systematic approach to pci compliance using rsa archer
A systematic approach to pci compliance using rsa archerA systematic approach to pci compliance using rsa archer
A systematic approach to pci compliance using rsa archer
 
Enterprise Risk Management - GRC as a practice
Enterprise Risk Management - GRC as a practiceEnterprise Risk Management - GRC as a practice
Enterprise Risk Management - GRC as a practice
 
GRC - Isaca Training 16.9.2014
GRC - Isaca Training 16.9.2014GRC - Isaca Training 16.9.2014
GRC - Isaca Training 16.9.2014
 
GRC Governance, Risk mgmt. & Compliance Executive
GRC Governance, Risk mgmt. & Compliance ExecutiveGRC Governance, Risk mgmt. & Compliance Executive
GRC Governance, Risk mgmt. & Compliance Executive
 
Rails On Spring
Rails On SpringRails On Spring
Rails On Spring
 
NTXISSACSC3 - Why Enterprise Information Management is the Key to GRC by Mika...
NTXISSACSC3 - Why Enterprise Information Management is the Key to GRC by Mika...NTXISSACSC3 - Why Enterprise Information Management is the Key to GRC by Mika...
NTXISSACSC3 - Why Enterprise Information Management is the Key to GRC by Mika...
 
Strategic architecture
Strategic architectureStrategic architecture
Strategic architecture
 
20120717 baker boundaries for business architecture v3
20120717 baker boundaries for business architecture v320120717 baker boundaries for business architecture v3
20120717 baker boundaries for business architecture v3
 
Strategic Architecture
Strategic ArchitectureStrategic Architecture
Strategic Architecture
 
Creating a Culture of Operational Discipline that leads to Operational Excell...
Creating a Culture of Operational Discipline that leads to Operational Excell...Creating a Culture of Operational Discipline that leads to Operational Excell...
Creating a Culture of Operational Discipline that leads to Operational Excell...
 
MEGA Webinar - PwC - Baker/Tong - EA & GRC, Separated at Birth
MEGA Webinar - PwC - Baker/Tong - EA & GRC, Separated at BirthMEGA Webinar - PwC - Baker/Tong - EA & GRC, Separated at Birth
MEGA Webinar - PwC - Baker/Tong - EA & GRC, Separated at Birth
 
150408 wpc business simplification overview v f
150408 wpc business simplification overview v f150408 wpc business simplification overview v f
150408 wpc business simplification overview v f
 
Business Driven Architecture for Strategic Transformation
Business Driven Architecture for Strategic TransformationBusiness Driven Architecture for Strategic Transformation
Business Driven Architecture for Strategic Transformation
 
Wilson perumal operating model design
Wilson perumal operating model designWilson perumal operating model design
Wilson perumal operating model design
 
Enterprise Risk Management Erm
Enterprise Risk Management ErmEnterprise Risk Management Erm
Enterprise Risk Management Erm
 

Semelhante a ERM v GRC: An Introduction

DISUSSION-1RE Chapter 15 Embedding ERM into Strategic Planning.docx
DISUSSION-1RE Chapter 15 Embedding ERM into Strategic Planning.docxDISUSSION-1RE Chapter 15 Embedding ERM into Strategic Planning.docx
DISUSSION-1RE Chapter 15 Embedding ERM into Strategic Planning.docx
madlynplamondon
 
An Industry Overview: Enterprise Risk Services and Products
An Industry Overview: Enterprise Risk Services and ProductsAn Industry Overview: Enterprise Risk Services and Products
An Industry Overview: Enterprise Risk Services and Products
s0P5a41b
 
Narayana Rao Mahankali Week 11 - DiscussionCOLLAPSETop of Fo.docx
Narayana Rao Mahankali Week 11 - DiscussionCOLLAPSETop of Fo.docxNarayana Rao Mahankali Week 11 - DiscussionCOLLAPSETop of Fo.docx
Narayana Rao Mahankali Week 11 - DiscussionCOLLAPSETop of Fo.docx
vannagoforth
 
ERM Evolving From Risk Assessment to Strategic RiskManageme.docx
ERM Evolving From Risk Assessment to Strategic RiskManageme.docxERM Evolving From Risk Assessment to Strategic RiskManageme.docx
ERM Evolving From Risk Assessment to Strategic RiskManageme.docx
russelldayna
 
Purposes of both internal and external audits in ERM Discussion.docx
Purposes of both internal and external audits in ERM Discussion.docxPurposes of both internal and external audits in ERM Discussion.docx
Purposes of both internal and external audits in ERM Discussion.docx
write30
 
Risk Monitoring and Management Trends In Commodities
Risk Monitoring and Management Trends In CommoditiesRisk Monitoring and Management Trends In Commodities
Risk Monitoring and Management Trends In Commodities
CTRM Center
 
Audit, control and enterprise wide risk management
Audit, control and enterprise wide risk managementAudit, control and enterprise wide risk management
Audit, control and enterprise wide risk management
peterObakozuwa
 
STRATEGIC RISK ADVISORY SOLUTIONS_Risk Management_Newsletter
STRATEGIC RISK ADVISORY SOLUTIONS_Risk Management_NewsletterSTRATEGIC RISK ADVISORY SOLUTIONS_Risk Management_Newsletter
STRATEGIC RISK ADVISORY SOLUTIONS_Risk Management_Newsletter
Dion K Hamilton
 
Risk Mgmt - Define_And_Articulate
Risk Mgmt - Define_And_ArticulateRisk Mgmt - Define_And_Articulate
Risk Mgmt - Define_And_Articulate
Anthony Chiusano
 

Semelhante a ERM v GRC: An Introduction (20)

DISUSSION-1RE Chapter 15 Embedding ERM into Strategic Planning.docx
DISUSSION-1RE Chapter 15 Embedding ERM into Strategic Planning.docxDISUSSION-1RE Chapter 15 Embedding ERM into Strategic Planning.docx
DISUSSION-1RE Chapter 15 Embedding ERM into Strategic Planning.docx
 
An Industry Overview: Enterprise Risk Services and Products
An Industry Overview: Enterprise Risk Services and ProductsAn Industry Overview: Enterprise Risk Services and Products
An Industry Overview: Enterprise Risk Services and Products
 
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...
 
Control Risks-ERM-whitepaper
Control Risks-ERM-whitepaperControl Risks-ERM-whitepaper
Control Risks-ERM-whitepaper
 
Narayana Rao Mahankali Week 11 - DiscussionCOLLAPSETop of Fo.docx
Narayana Rao Mahankali Week 11 - DiscussionCOLLAPSETop of Fo.docxNarayana Rao Mahankali Week 11 - DiscussionCOLLAPSETop of Fo.docx
Narayana Rao Mahankali Week 11 - DiscussionCOLLAPSETop of Fo.docx
 
Enterprise Risk Management: Minimizing Exposure, Fostering Innovation and Acc...
Enterprise Risk Management: Minimizing Exposure, Fostering Innovation and Acc...Enterprise Risk Management: Minimizing Exposure, Fostering Innovation and Acc...
Enterprise Risk Management: Minimizing Exposure, Fostering Innovation and Acc...
 
ERM Evolving From Risk Assessment to Strategic RiskManageme.docx
ERM Evolving From Risk Assessment to Strategic RiskManageme.docxERM Evolving From Risk Assessment to Strategic RiskManageme.docx
ERM Evolving From Risk Assessment to Strategic RiskManageme.docx
 
Purposes of both internal and external audits in ERM Discussion.docx
Purposes of both internal and external audits in ERM Discussion.docxPurposes of both internal and external audits in ERM Discussion.docx
Purposes of both internal and external audits in ERM Discussion.docx
 
13 Top GRC Tools for an Integrated Governance, Risk and Compliance Strategy
13 Top GRC Tools for an Integrated Governance, Risk and Compliance Strategy13 Top GRC Tools for an Integrated Governance, Risk and Compliance Strategy
13 Top GRC Tools for an Integrated Governance, Risk and Compliance Strategy
 
Risk Monitoring and Management Trends In Commodities
Risk Monitoring and Management Trends In CommoditiesRisk Monitoring and Management Trends In Commodities
Risk Monitoring and Management Trends In Commodities
 
Managing the Complexities of Governance, Risk & Compliance Requires
Managing the Complexities of Governance, Risk & Compliance RequiresManaging the Complexities of Governance, Risk & Compliance Requires
Managing the Complexities of Governance, Risk & Compliance Requires
 
task 1
task 1task 1
task 1
 
Integrated_GRC
Integrated_GRCIntegrated_GRC
Integrated_GRC
 
An approach to erm in the insurance industry apria 2002 rama warrier&preeti
An approach to erm in the insurance industry apria 2002 rama warrier&preetiAn approach to erm in the insurance industry apria 2002 rama warrier&preeti
An approach to erm in the insurance industry apria 2002 rama warrier&preeti
 
Audit, control and enterprise wide risk management
Audit, control and enterprise wide risk managementAudit, control and enterprise wide risk management
Audit, control and enterprise wide risk management
 
Fraud, bribery and corruption: Protecting reputation and value
Fraud, bribery and corruption: Protecting reputation and valueFraud, bribery and corruption: Protecting reputation and value
Fraud, bribery and corruption: Protecting reputation and value
 
Banking & Financial Services Strengthening GRC In The Banking & Financial Ser...
Banking & Financial Services Strengthening GRC In The Banking & Financial Ser...Banking & Financial Services Strengthening GRC In The Banking & Financial Ser...
Banking & Financial Services Strengthening GRC In The Banking & Financial Ser...
 
STRATEGIC RISK ADVISORY SOLUTIONS_Risk Management_Newsletter
STRATEGIC RISK ADVISORY SOLUTIONS_Risk Management_NewsletterSTRATEGIC RISK ADVISORY SOLUTIONS_Risk Management_Newsletter
STRATEGIC RISK ADVISORY SOLUTIONS_Risk Management_Newsletter
 
Risck intelligence in the energy and resources industry
Risck intelligence in the energy and resources industry Risck intelligence in the energy and resources industry
Risck intelligence in the energy and resources industry
 
Risk Mgmt - Define_And_Articulate
Risk Mgmt - Define_And_ArticulateRisk Mgmt - Define_And_Articulate
Risk Mgmt - Define_And_Articulate
 

Mais de s0P5a41b

State-of-the-Art: Industry Challenges in ERM
State-of-the-Art: Industry Challenges in ERMState-of-the-Art: Industry Challenges in ERM
State-of-the-Art: Industry Challenges in ERM
s0P5a41b
 
The N-Dimensional Search Engine
The N-Dimensional Search EngineThe N-Dimensional Search Engine
The N-Dimensional Search Engine
s0P5a41b
 
The Business of Correlation Technology
The Business of Correlation TechnologyThe Business of Correlation Technology
The Business of Correlation Technology
s0P5a41b
 

Mais de s0P5a41b (9)

Building a Correlation Technology Platform Application
Building a Correlation Technology Platform ApplicationBuilding a Correlation Technology Platform Application
Building a Correlation Technology Platform Application
 
About Correlation Technology
About Correlation TechnologyAbout Correlation Technology
About Correlation Technology
 
Building a Correlation Technology Platform Application
Building a Correlation Technology Platform ApplicationBuilding a Correlation Technology Platform Application
Building a Correlation Technology Platform Application
 
Correlation Technology Business Solutions: Market Research
Correlation Technology Business Solutions: Market ResearchCorrelation Technology Business Solutions: Market Research
Correlation Technology Business Solutions: Market Research
 
State-of-the-Art: Industry Challenges in ERM
State-of-the-Art: Industry Challenges in ERMState-of-the-Art: Industry Challenges in ERM
State-of-the-Art: Industry Challenges in ERM
 
The N-Dimensional Search Engine
The N-Dimensional Search EngineThe N-Dimensional Search Engine
The N-Dimensional Search Engine
 
The Business of Correlation Technology
The Business of Correlation TechnologyThe Business of Correlation Technology
The Business of Correlation Technology
 
Correlation Technology Demonstration Slides
Correlation Technology Demonstration SlidesCorrelation Technology Demonstration Slides
Correlation Technology Demonstration Slides
 
Technical Whitepaper: A Knowledge Correlation Search Engine
Technical Whitepaper: A Knowledge Correlation Search EngineTechnical Whitepaper: A Knowledge Correlation Search Engine
Technical Whitepaper: A Knowledge Correlation Search Engine
 

Último

Cracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxCracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptx
Workforce Group
 
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
rajveerescorts2022
 
Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
amitlee9823
 
Call Girls From Raj Nagar Extension Ghaziabad❤️8448577510 ⊹Best Escorts Servi...
Call Girls From Raj Nagar Extension Ghaziabad❤️8448577510 ⊹Best Escorts Servi...Call Girls From Raj Nagar Extension Ghaziabad❤️8448577510 ⊹Best Escorts Servi...
Call Girls From Raj Nagar Extension Ghaziabad❤️8448577510 ⊹Best Escorts Servi...
lizamodels9
 
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Sheetaleventcompany
 
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
Aggregage
 
Call Girls In Nangloi Rly Metro ꧂…….95996 … 13876 Enjoy ꧂Escort
Call Girls In Nangloi Rly Metro ꧂…….95996 … 13876 Enjoy ꧂EscortCall Girls In Nangloi Rly Metro ꧂…….95996 … 13876 Enjoy ꧂Escort
Call Girls In Nangloi Rly Metro ꧂…….95996 … 13876 Enjoy ꧂Escort
dlhescort
 
Uneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration PresentationUneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration Presentation
uneakwhite
 
Call Girls In Noida 959961⊹3876 Independent Escort Service Noida
Call Girls In Noida 959961⊹3876 Independent Escort Service NoidaCall Girls In Noida 959961⊹3876 Independent Escort Service Noida
Call Girls In Noida 959961⊹3876 Independent Escort Service Noida
dlhescort
 
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
dlhescort
 
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
lizamodels9
 
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
lizamodels9
 

Último (20)

Cracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxCracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptx
 
Value Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsValue Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and pains
 
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
 
Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
 
Call Girls From Raj Nagar Extension Ghaziabad❤️8448577510 ⊹Best Escorts Servi...
Call Girls From Raj Nagar Extension Ghaziabad❤️8448577510 ⊹Best Escorts Servi...Call Girls From Raj Nagar Extension Ghaziabad❤️8448577510 ⊹Best Escorts Servi...
Call Girls From Raj Nagar Extension Ghaziabad❤️8448577510 ⊹Best Escorts Servi...
 
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
 
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
 
Call Girls In Nangloi Rly Metro ꧂…….95996 … 13876 Enjoy ꧂Escort
Call Girls In Nangloi Rly Metro ꧂…….95996 … 13876 Enjoy ꧂EscortCall Girls In Nangloi Rly Metro ꧂…….95996 … 13876 Enjoy ꧂Escort
Call Girls In Nangloi Rly Metro ꧂…….95996 … 13876 Enjoy ꧂Escort
 
Marel Q1 2024 Investor Presentation from May 8, 2024
Marel Q1 2024 Investor Presentation from May 8, 2024Marel Q1 2024 Investor Presentation from May 8, 2024
Marel Q1 2024 Investor Presentation from May 8, 2024
 
Organizational Transformation Lead with Culture
Organizational Transformation Lead with CultureOrganizational Transformation Lead with Culture
Organizational Transformation Lead with Culture
 
Falcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investorsFalcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investors
 
Falcon Invoice Discounting platform in india
Falcon Invoice Discounting platform in indiaFalcon Invoice Discounting platform in india
Falcon Invoice Discounting platform in india
 
Falcon Invoice Discounting: Empowering Your Business Growth
Falcon Invoice Discounting: Empowering Your Business GrowthFalcon Invoice Discounting: Empowering Your Business Growth
Falcon Invoice Discounting: Empowering Your Business Growth
 
Uneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration PresentationUneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration Presentation
 
Falcon's Invoice Discounting: Your Path to Prosperity
Falcon's Invoice Discounting: Your Path to ProsperityFalcon's Invoice Discounting: Your Path to Prosperity
Falcon's Invoice Discounting: Your Path to Prosperity
 
Call Girls In Noida 959961⊹3876 Independent Escort Service Noida
Call Girls In Noida 959961⊹3876 Independent Escort Service NoidaCall Girls In Noida 959961⊹3876 Independent Escort Service Noida
Call Girls In Noida 959961⊹3876 Independent Escort Service Noida
 
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
 
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
 
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
 

ERM v GRC: An Introduction

  • 1. 1 Enterprise Risk Management vs Governance-Risk-Compliance: An Introduction Enterprise risk management (ERM) and governance-risk-compliance (GRC) are fledgling industry categories, having only been recognized for approximately ten years. As such, there are many conflicting views even within industry circles on the scope of ERM v GRC practices. Further, ERM and GRC processes and software may be incorporated as methodologies or modules into related domains such as business intelligence (BI) and enterprise resource planning (ERP). Make Sence Florida, Inc. recognizes a clear distinction between ERM and GRC. ERM vs GRC In the current understanding of governance, risk and compliance (GRC) within an enterprise, GRC is a holistic methodology enabling a top-down approach to enterprise governance, risk and compliance. The ideal implementation of GRC is believed to result in a trickle-down indoctrination of corporate risk attitudes from the executive level to the enterprise front lines. The current reinforcing understanding of enterprise risk management (ERM) within an enterprise is that ERM is a useful rib in the protective umbrella that is GRC. ERM is viewed as a risk-centric methodology that utilizes source data collected into risk databases to provide risk reporting to enterprise divisions. The ideal implementation of ERM is believed to ensure an effective enterprise response that acts to mitigate or eliminate risks to enterprise assets and objectives as prioritized within the GRCendorsed model. These views of GRC and ERM are fantasies. In fact, genuine ERM is a disciplined, scientifically approached risk-driven methodology that utilizes enterprise risk data to inform governance and compliance policy. When implemented properly, ERM will effectively minimize risks to enterprise assets and objectives. In contrast, GRC is a fiat-driven regulation and compliance-facing, management and governance pseudoscience designed by and for largely bureaucratic objectives. GRC may poorly align with facts and realities of a particular enterprise’s actual risk environment. GRC currently pulls from ERM resources to validate GRC-endorsed business processes and functions. The power that GRC is currently accorded over ERM ignores a vital truth: Risk management is the most important discipline that must be mastered by an enterprise. COPYRIGHT 2O12 MAKE SENCE FLORIDA, INC. ALL RIGHTS RESERVED. DISTRIBUTION WITHOUT WRITTEN PERMISSION OF MAKE SENCE FLORIDA, INC IS PROHIBITED
  • 2. 2 Figure 1.1 Current Industry Snapshot of GRC: G+C Driven REGULATION Law, Government Entities and Audits [external] MANAGEMENT [internal] communication priorities priorities Governance and Compliance [defines risk requirements] GRC-Defined Requirements Enterprise Risk Subjective Risk Data ERM As seen in Figure 1.1, management and regulatory bodies act on governance and compliance divisions, which then set and prioritize risk issues to be addressed by ERM divisions. ERM divisions evaluate any identified risks and then inform governance and compliance divisions as to the range of risks and mitigating procedures for those risks. This information is then passed along by GRC back to management and regulators. Management is then expected to formulate strategies and make decisions based upon this information. Despite popular belief in the risk-centric nature of GRC, GRC’s actual interests in real business environments are vastly different. Governance and compliance functions are aimed at satisfying federal and state regulators as well as external auditors. This GRC focus is primarily driven by executive aversion to the penalties and consequences imposed by regulators and boards of directors if regulations and policies are breached. The scope and volume of risk reports generated by GRC are intended to insulate executive and line management from the consequences of adverse events, regardless of actual culpability. When external entities and governance, compliance and management entities make inquiries, the reports are produced to prove that the laws and regulations were followed to the letter. Under a dominant GRC regime, risk profiles and mitigation procedures may not cover the actual risk landscape in which the enterprise operates. Governance and compliance divisions may not understand that entire risk landscape, but still seize responsibility for formulating the scope of risk requirements. COPYRIGHT 2O12 MAKE SENCE FLORIDA, INC. ALL RIGHTS RESERVED. DISTRIBUTION WITHOUT WRITTEN PERMISSION OF MAKE SENCE FLORIDA, INC IS PROHIBITED
  • 3. 3 Risk management divisions receive poorly defined requirements and duly deliver muddled data sets. Subsequent evaluations derived from risk reports may underrate critical risk issues that threaten actual corporate interests, and overrate risks that appear to have greater impact on favored corporate policies. The policies based upon evaluations are biased or distorted in favor of bureaucratic concerns. These distorted policies are then propagated throughout an entire organization. When adverse risk events occur, mitigation procedures are found to be ineffective and result in high impact consequences. Ensuing internal investigations are hampered by the inability to properly identify risk owners. In an organizational failure, no single division is found to hold ownership of either process or risk. The limited latitude allowed to ERM divisions to objectively assess the domain of risk creates gaps in enterprise risk intelligence. These deficits can result in poor decision-making, adverse risk events and potential loss of enterprise reputation, revenue and market share. Corrected Risk-Driven Model Figure 1.2 All Enterprise Risk new risks to be re-evaluated ERM Assessed risks synthesized actions Governance and Compliance communication REGULATION Law, Government Entities and Audits [external] communication communication MANAGEMENT [internal] ERM is commonly viewed as a part of GRC. It should not. Risk acts as a force on all enterprise inputs, outputs, processes and assets, and is therefore pervasive throughout an enterprise. When ERM best practices are in place, they require that governance, compliance, management and regulatory concerns do not define enterprise risk aptitude but instead adapt risk aptitude to align with real world threats. Risks, whether external or internal, can act on any breach point of an enterprise. Wherever the primary breach point may be, it is the role of embedded risk teams that specialize in risk disciplines to assess and report risks to a centralized ERM. As seen in Figure 1.2, ERM then formulates a risk mitigation strategy COPYRIGHT 2O12 MAKE SENCE FLORIDA, INC. ALL RIGHTS RESERVED. DISTRIBUTION WITHOUT WRITTEN PERMISSION OF MAKE SENCE FLORIDA, INC IS PROHIBITED
  • 4. 4 based on facts. Timely comprehensive reports are communicated to operational entities, and senior management tiers, and regulators. Using these reports, management synthesizes strategies in consultation with ERM, governance and compliance process owners. The well-constructed policies that result from such composite-build strategies are then implemented throughout the organization. Ownership of risk is clear: risk discovery, identification, assessment, reporting and response are the responsibility of a centralized ERM and its embedded specialists. In real business environments, truly holistic risk-centric enterprises require all divisions - not just governance and compliance - to adapt operations to mitigate all external and internal risks to enterprise assets and objectives, using ERM-validated assessments and responses. Shifting risk responsibility entirely to ERM ownership reduces inter-divisional workloads drastically, allowing each division to properly focus on its primary discipline. Effective communication between embedded risk specialists and centralized ERM creates clarity and increases the impact and value of enterprise risk intelligence. Further, as a historical database is built, risk intelligence is integrated into a holistic, data-driven and flexible enterprise risk framework. Such a framework supports a more comprehensive and complete knowledge of the risk landscape. With empowered ERM divisions, executive benchmarks are informed and set by the facts of enterprise risk, not pervasive misconceptions. In turn, governance and compliance divisions are able to focus solely on risk-driven policy management, regulatory compliance and audit compliance. This reinforces the conclusion that governance and compliance success flows directly from competent ERM implementation. Business and risk communities worldwide are well aware of the issues Make Sence, Inc. has identified in current GRC/ERM roles and implementations. A substantial corpus of material has been published supporting these conclusions on the misalignment of GRC and ERM in enterprise environments. Our analysis of that material is validated by recent well-documented and highly public failures of current risk practices by high profile players in critical industries. In subsequent sections of this dossier, critical issues identified in the preceding paragraphs will be examined in-depth: • • • • • • How conflicts between executive, governance, risk management and compliance tiers and the subsequent consequences of those conflicts affect enterprise functions, assets and objectives. Why successful governance and compliance flows directly from competent ERM implementation. What undesirable outcomes can occur when governance and compliance are given dominance over ERM. What impact massive data and inadequate data have on effective data gathering, and data dissemination, collection, analysis and reporting. The specific industry problems directly related to incorrect use of quantitative and qualitative methodologies will be examined. Why existing software product implementation have similar weaknesses and consequences of those weaknesses to enterprises. What is the current structure of the risk management industry, and how it contributes to the risk management issues of GRC and ERM. How the industry would be transformed by enterprise realignment to a comprehensive ERM implementation. Who are the current industry players and companies of interest. A comprehensive SWOT analysis will be used in a side-by-side assessment. COPYRIGHT 2O12 MAKE SENCE FLORIDA, INC. ALL RIGHTS RESERVED. DISTRIBUTION WITHOUT WRITTEN PERMISSION OF MAKE SENCE FLORIDA, INC IS PROHIBITED
  • 5. 5 • • Why a new ontology of risk is needed. A new risk ontology rationalizing the discussion of risk by academics, risk experts and industry professionals will be presented. How Correlation Technology will radically change the approach and practice to enterprise risk theory, methodology and implementation. Innovations powered by Correlation Technology will provide never-before-seen solutions to challenges presented by current GRC and ERM implementations, the limitations of existing software, and the pervasive misconception of the true nature of risk. COPYRIGHT 2O12 MAKE SENCE FLORIDA, INC. ALL RIGHTS RESERVED. DISTRIBUTION WITHOUT WRITTEN PERMISSION OF MAKE SENCE FLORIDA, INC IS PROHIBITED