Governance, Risk, and Compliance (GRC) refers to an organization's coordinated approach to managing the many issues that arise from corporate governance, enterprise risk management (ERM) and corporate compliance in the context of regulatory requirements. GRC is the integrated set of capabilities that enables an organization to achieve its objectives, address uncertainty and act with integrity (OCEG, n.d.).
GRC is broader than the three words it is named after. It focuses on the critical capabilities of an organization that must work together to achieve principled performance: governance, management, performance, risk and compliance activities. The concept draws in the work of internal audit, compliance, risk, legal, finance, IT and HR, as well as the lines of business, the executive suite and the board itself (Narasimhan, 2017).
This report addresses the current risk management process in the context of compliance management, including the formation of money laundering and financial crime prevention teams. It is prepared for the banking sector with reference to the Bank for International Settlements (BIS) in the jurisdiction of the United Kingdom.
The report describes each stage of the risk management process and explains why the process is required. It then sets out recommendations for improving the existing process and discusses how effectively the compliance function manages risk.
Governance, Risk, and Compliance helps an organization achieve its objectives while meeting its responsibility to run the organization properly. It comprises a number of processes and practices spread across the organization's different functions and departments.
GRC can be implemented with a dedicated platform and other tools, but this is not a necessary requirement. Nor does an organization have to set up a separate GRC department; many organizations instead establish teams to perform GRC-related functions (Lindros, 2017).
As the definition indicates, GRC does not end with governance, risk and compliance management; it also covers the organization's assurance and performance management. Its scope has now extended to information security management, quality management, ethics and values management, and business continuity management (Murari, 2013).
When a GRC framework is implemented effectively, it reduces risk and improves control effectiveness, security and compliance through a combined, unified approach that removes the negative effects of organizational redundancies.
GRC management is more important today than ever because of the complexity of business models and operations. Risk is present at every stage of the organization, and whenever the organization violates a law or regulation it faces serious risk. Where risk and compliance management is inadequate, the organization is exposed to a wide range of risks.
It must be noted that the cost an organization pays for a mistake or for non-compliance is very high, and it also damages the organization's reputation. This can be illustrated by the Japanese company Takata, which manufactured car air bags. The air bags Takata installed were dangerously faulty, forcing the recall of a very large number of cars from the market and making Takata responsible for the largest auto recall in history (Bora, 2018).
Non-compliance with regulatory provisions not only damages an organization's reputation but also results in heavy financial penalties and the revocation of licenses. Faulty or troublesome business models also contribute to the decline or slowed growth of an organization. Business models are now more complex, and for this reason organizations adopt automated tools to manage risk and compliance and to ensure that governance is implemented around them. Automated tools help the organization manage efficiently and effectively.
The facts stated above make it clear that GRC has become the most important approach in the present business scenario, and that without it a business can hardly survive in the current business environment.
Compliance risk is also known as integrity risk, since many compliance obligations are framed to ensure fair and ethical operations within the organization. Compliance risk management is the most important area of the GRC framework; it covers incident management, internal auditing, operational risk assessment and compliance with regulations.
Non-compliance results in severe consequences for the organization, such as penalties and personal liability in the form of damages, fines and voided contracts. It also leads to loss of reputation and business opportunities and to the devaluation of the organization's franchise.
The operations a bank conducts play an important role in achieving the bank's objectives and in ensuring its financial strength and independence. Banks generally conduct customer-related banking activities and activities related to the investment of their equity. All of these activities give rise to risks in financial transactions, comprising credit, market and liquidity risk, together with other important risks such as operational risk. Within this risk framework, organizations need to establish risk management policies to ensure that these risks are identified, monitored and reported. To meet these objectives a bank establishes an independent and integrated risk management function covering financial, operational and non-compliance risk.
Risk management units develop alternative policies and processes and ensure that the bank complies with the applicable rules and regulations.
A GRC framework supports a number of organizational functions; those supported by the GRC framework at the BIS are stated below:
Vendor management: GRC plays an important role here, ensuring effective and efficient management of this department through relationship management and compliance monitoring. It also facilitates a risk-based approach to vendor selection.
Policy management: GRC supports documentation, workflow and the policy lifecycle from creation through to review. It also supports amendments to policies and the mapping of policies to authoritative sources.
Risk and compliance management: GRC supports risk management professionals with the documentation, workflow, assessment and analysis, reporting and remediation of risks. It allows the organization to understand its risk exposure and to manage it cost-effectively. GRC enables better management of the organization's compliance position through surveys and self-assessments, attestation, testing and remediation. It also provides the ability to respond to changes in regulations (SDS, 2014).
Rather than choosing different solutions for each compliance issue, organizations prefer a single GRC platform. Where required, they choose integrated solutions to satisfy the particular GRC needs of the organization. GRC ensures compliance in every area of the business, including compliance with any applicable national and international laws and regulations.
Reporting and managing risk and compliance on a single platform gives executives and senior management an all-inclusive view of the organization's risk and compliance position. A GRC platform provides functionality that takes an integrated approach across the wide range of GRC business requirements. The platform draws its information from a number of sources, each of which is an important tool of the platform. For example, dashboards and data analysis tools allow administrators to identify and organize risk exposure and compliance with external laws and regulations, and to administer vendor or client audits quickly.
The most important role of GRC lies in this area: GRC ensures compliance with laws and regulations and ensures that the organization does not incur penalties and financial obligations because of non-compliance. Non-compliance also damages the organization's reputation. All of these issues can be addressed through the organization's GRC compliance (Gillis, 2013).
Disaster recovery management: GRC helps ensure business continuity in the event of a disaster through disaster recovery and crisis management. It also assesses the criticality of business processes and technologies. The framework helps the organization develop business continuity and disaster recovery plans, using automated workflow to test the plans and obtain approval. GRC also allows the organization to conduct a business impact analysis in order to better understand the value of its business processes and of the people, applications and systems that support them.
Audit services: GRC supports internal auditors in managing work papers, scheduling audit tasks, time management and reporting. Internal audit is closely related to compliance, as both address the difficult control factors in the organization's structure. Effective implementation of the GRC framework in internal audit not only ensures compliance but also reduces abuse. Where GRC is implemented with proper efficiency and authenticity in the internal audit function, it empowers those responsible for compliance to fulfil their mission. Internal audit also plays an important role in the compliance function because its reporting structure gives it the unique opportunity to be independent and objective in its operations; the internal audit report is submitted directly to the company's board of directors (Pick n Pay, n.d.). The functions and areas addressed by GRC in the context of internal audit are as follows:
Asset management: GRC manages the complex relationships and dependencies in the organization by classifying and charting application systems, databases, infrastructure assets, facilities and important business processes, thereby supporting adequate compliance, business continuity and disaster recovery tasks.
This program establishes the process used by banking organizations to ensure that the organization and all its members comply with the rules and regulations, and that they know which process must be followed to identify and prevent risks such as money laundering and terrorist activities. The risk management program must therefore be customized so that it matches the organization's requirements and its other policies and procedures. Before developing the program it is necessary to understand the client portfolio and the activities in which the business is engaged. The implemented program must be understood and applied by all members of the organization, at junior as well as senior levels.
The most important elements that must be present in the BIS's compliance and risk management strategy, to ensure that the BIS properly prevents financial crime risk and other risks in the organization, are as follows:
Current Risk Management Process:
Corporate risk management strategy: The organization must frame a strategy for managing its risk at every stage. This strategy must be connected to the organization's main strategy and goals.
Risk assessment: Assessment of the risk and compliance management program includes several stages, which are defined below:
Analysis of relevant risk: Each identified risk must be analyzed properly, and for this purpose organizations can adopt different strategies that evaluate the risk and suggest treatments for the risks identified and assessed. Risk assessment is considered the most important stage of the risk process, as it is the only stage at which the degree of risk is analyzed.
Risk treatment: The process required for risk treatment is as follows:
Compliance requirements under federal and state laws and regulations have increased dramatically and affect almost every operational area of the organization. In the present business environment, compliance is a very expensive and difficult process because of complex new regulations, information sources, operational impacts and so on. The banking industry usually manages the compliance workflow manually, which creates difficulty across branches, interstate operations and different lines of business (JSER, n.d.). For all these reasons, an effective risk and compliance management program must be implemented at every stage of the organization. This is discussed below:
Identification of risky areas: Compliance requires risk assessment as a first stage, using defined criteria. At this stage the program also produces a score that quantifies the vulnerability and the business impact of non-compliance, so that business activities can be prioritized. Identifying risk is necessary because it makes all the other processes, such as compliance, monitoring and reporting, easier and more reliable. It is important to keep the board and regulators informed about risks that might result in non-compliance. The organization can streamline the work involved in risk assessments, because regulations overlap and carry redundant risks, by using a consolidated assessment framework. To identify risks, the organization can use a common risk register and risk policies, and can use tools such as software that has already performed the mapping exercise. With a consolidated risk assessment framework the organization breaks down the silos and then conducts the risk assessments required by the compliance mandates (ERM, n.d.).
Regulatory alerts: Instead of holding a large number of technical and other regulatory documents, the organization should work towards a clear executive summary that interprets only the important matters, such as action deadlines, the areas directly impacted and the people accountable within the organization. It also determines whether any approval is required before policies and procedures are changed. This stage makes it easier to link compliance with the organization's internal structure and with roles and responsibilities, and it promotes understanding of the obligations among key stakeholders. Since the risks of the organization's various activities have already been assessed, it becomes easy to prioritize the activities that require more attention and resources. Rather than holding critical information such as dates, forms and impacts separately, it is easier for organizations to store all of this information in the relevant software so that updates and relevant information arrive on time. This stage also ensures interaction between monitoring and response, and it is considered a rationalizing exercise that reduces the compliance burden on business areas (DPTI, 2016).
Impact on business: Internal control procedures are connected with the business's internal policies, and regulatory changes are assimilated into those policies. This stage makes clear which areas of the business are impacted and what actions need to be taken. Workflow tasks are automatically generated and assigned to the right people at the right time. Organizations no longer need separate internal policies for every area of the business; they can maintain a consolidated set of internal policies that relates to multiple regulations and ensures compliance with each of them. Organizations that cannot quickly determine the impact of regulatory compliance changes on their business areas will not survive in the long run (University of Adelaide, n.d.).
All of the stages stated above are necessary to ensure an effective risk and compliance management program in the organization.
Recent changes in the regulatory environment have drawn the attention of regulators, authorities and the media to anti-money laundering issues. Financial institutions are now under immense pressure to monitor and identify suspected illegal activity. As a result, many organizations are re-evaluating their anti-money laundering programs.
The organization needs to establish teams that deal with anti-money laundering issues. Such a team includes compliance officers, attorneys, bankers, former regulators, prosecutors, law enforcement officers, accountants and information technology professionals. These professionals possess expertise in their respective fields and provide the resources needed to help their clients assess and manage the risks of money laundering and terrorist financing.
Organizations can adopt different solutions in this context; some of these solutions are stated below:
The following recommendations are made in the context of risk and compliance management in the organization:
Conclusion:
Considering the facts above, it can be said that the GRC framework plays the most important role in the organization, as it ensures effective compliance management. GRC supports risk management professionals with documentation, workflow, assessment and so on. Rather than choosing different solutions for each compliance issue, organizations prefer a single GRC platform. The platform draws its information from a number of sources, each of which is an important tool of the platform. The most important role of GRC lies in this area: GRC ensures compliance with laws and regulations and ensures that the organization does not incur penalties and financial obligations because of non-compliance. Non-compliance also damages the organization's reputation. All of these issues can be addressed through the organization's GRC compliance.
References:
Bora, S. (2018). Importance of Governance, Risk and Compliance (GRC). Available at: https://www.eccinternational.com/blog/index.php/2018/03/06/importance-governance-risk-compliance-grc/. Accessed on 29th June 2018.
DPTI (2016). Risk Management Process. Available at: https://www.dpti.sa.gov.au/__data/assets/pdf_file/0016/255310/Risk_Management_Process.pdf. Accessed on 29th June 2018.
ERM (n.d.). Introduction to Risk Management. Available at: https://extensionrme.org/pubs/introductiontoriskmanagement.pdf. Accessed on 29th June 2018.
Gillis, A. (2013). Internal Audit vs. Compliance. Available at: https://www.schneiderdowns.com/our-thoughts-on/risk-advisory-Internal/internal-audit-vs-compliance. Accessed on 29th June 2018.
JSER (n.d.). Governance, risk and compliance. Available at: https://www.jsereporting.co.za/ar2016/pdfs/Segmented/governance-risk-and-compliance.pdf. Accessed on 29th June 2018.
Lindros, K. (2017). What is GRC and why do you need it? Available at: https://www.cio.com/article/3206607/compliance/what-is-grc-and-why-do-you-need-it.html. Accessed on 29th June 2018.
Murari, P. (2013). Designing a Future Ready GRC Program. Available at: https://www.grc-summit.com/middleeast/2013/downloads/day1/3-Designing-Future-Ready-GRC-Program.pdf. Accessed on 29th June 2018.
Narasimhan, L. (2017). GRC 101: an Introduction to Governance, Risk Management, and Compliance. Available at: https://www.capgemini.com/2017/10/grc-101-an-introduction-to-governance-risk-management-and-compliance/. Accessed on 29th June 2018.
OCEG (n.d.). Governance, Risk and Compliance (GRC). Available at: https://www.oceg.org/about/what-is-grc/. Accessed on 29th June 2018.
Pick n Pay (n.d.). Audit, risk and compliance committee. Available at: https://www.picknpay-ir.co.za/downloads/governance/2017/audit-risk-compliance.pdf. Accessed on 29th June 2018.
SDS (2014). Governance, Risk, and Compliance (GRC). Available at: https://trustsds.com/downloads/white-papers/Governance-Risk-Compliance.pdf. Accessed on 29th June 2018.
University of Adelaide (n.d.). Risk Management Handbook. Available at: https://www.adelaide.edu.au/legalandrisk/docs/resources/Risk_Management_Handbook.pdf. Accessed on 29th June 2018.