Collaboration is Key for GRC Success

An interesting study on the current state of Governance, Risk Management & Compliance (“GRC”) programs has just been released and the results are quite revealing. Entitled “The Role of Governance, Risk Management & Compliance in Organizations”, the study was conducted independently by the Ponemon Institute for EMC. The study covered four primary domains – IT GRC, Operations GRC, Finance GRC and Legal GRC – and surveyed 190 GRC practitioners across the United States.

One of the primary findings was that organizations are still limited in their ability to collaborate and communicate risk information across the enterprise. Part of the problem lies in the lack of a comprehensive strategy to improve collaboration. Beyond the lack of a strategy, organizations are also limited by their technological support of GRC programs. Here’s what the Ponemon Institute surmised.

We believe this study reveals the importance of an enterprise-wide strategy and increased collaboration among domains to meeting eGRC objectives. Currently, only 20 percent have an enterprise-wide strategy and collaboration among GRC areas is far from perfect. Only 28 percent of respondents say their organizations enjoy frequent collaboration or cooperation among GRC areas. However, the good news is that only 12 percent say GRC areas operate in silos in their organizations.

In order to address the barriers related to collaboration, it has been recommended that organizations make it a priority to encourage people from the various lines of business to talk together and establish “risk ambassadors”. The need to gain visibility and control through effective cross-enterprise eGRC collaboration is important to reducing gaps in how risk is assessed and managed.

Finally, according to respondents, managing risk is and will continue to be the biggest eGRC focus for their organizations. This is understandable because organizations are finding that the cost of complying with the plethora of regulations can be daunting. Taking a risk-based approach toward compliance requirements enables them to focus their resources on the most at-risk areas of their business and achieve real value from their eGRC activities.

Building the right processes, involving the right people and utilizing the right technology are all key to achieving the sort of value that GRC programs should provide. Wheelhouse Advisors is uniquely qualified to bring these key elements together for your organization. Email us at to learn more.


The Path to ERM Success

The path to success in implementing an Enterprise Risk Management (“ERM”) program can be found in greater integration and better technology – that’s according to a recent survey presented at the 2011 Risk and Insurance Management Society (“RIMS”) Conference in Vancouver, British Columbia. Entitled “Excellence in Risk Management VIII”, this is an annual independent survey of executives conducted for RIMS by Marsh. The most common focus area noted in the survey is a desire to strengthen enterprise or strategic risk management approaches. While more than half of the survey respondents indicated this desire, a majority said the primary barrier to achieving this goal was a lack of understanding of the risk landscape across numerous silos of information.

As a result, 55% of the respondents expect to integrate risk management deeper into and across operations and 54% of respondents expect to perform day-to-day risk management activities more efficiently. To meet these expectations, organizations will need to improve the way they gather and report risk data through more cost-effective technology. The survey report supports this notion through the following observation. “It’s worth noting to risk managers that their counterparts in the C-suite were the most likely to view technology upgrades as a focus area. This should help pave the way for technology that can ease the time spent on mundane tasks and open the door to developing the deeper integration of risk management with other departments.”

Source: Risk & Insurance Management Society, Excellence in Risk Management VIII

Maximize Your GRC Technology Investment

As we move into a new year, more companies are looking to integrate their risk management initiatives to simplify and streamline how they address risk and compliance activities. In a recent article by Forrester Research, analyst Chris McClean discusses how Governance, Risk and Compliance (“GRC”) software solutions can help companies in their pursuit of integration. Here are the three primary benefits that companies have realized from their investment in technology.

1. Greater process efficiency — Compliance requirements continue to swell, and the risk landscape is getting more complex. Above all else, customers cited process automation as the core value of their GRC platform implementations. Workflow management capabilities help keep everyone on task, and centralized content management and reporting reduce the need to jump back and forth between different systems. In addition, ongoing improvements in automated controls and control-testing functionality generate even greater efficiency gains. The manager of corporate compliance for a large pharmaceutical company told Forrester: “Managing all GRC initiatives in one platform saves time, resources and money. The ability to build a solid foundation for our compliance program in a relatively short time frame allows us to focus on the acute compliance issues facing our industry.”

2. Convergence of GRC efforts — As well as increasing efficiency, converging the various efforts relevant to governance, risk and compliance fosters cooperation between business functions and improves overall GRC insight. Comparing exposure across different categories of risk or using risk assessments to generate audit scopes are just two examples of GRC convergence benefits. An operational risk management director for a large financial services company said that one of the biggest benefits of implementing a GRC platform was the ability to “integrate the risk disciplines, including internal audit, ORM [operational risk management], SOX and compliance.”

3. Consistency of processes and methodologies — Getting different functions to work with each other is one thing, but getting them to use the same processes and methodologies is much harder. GRC platforms allow organizations to create standard templates for documenting and assessing risks, controls, incidents and other elements of GRC. Consistency also leads to convergence and efficiency and is often an initial driver for the development of a GRC program. The director of risk and compliance for a top high-tech company succinctly explained to Forrester that one of the most important values of GRC technology was the creation of a “consistent way to manage compliance, operational and ERM [enterprise risk management] projects.” Pay close attention to this aspect of GRC value. As risk and compliance become more complex, consistency will quickly become a necessity.

Wheelhouse Advisors can help your company identify the right technology solution and implement a program that will maximize the benefit of your technology investment. Visit to learn more.

Keys to Success

A recent article at highlights the keys to a successful implementation of technology in support of an Enterprise Risk Management or Governance, Risk & Compliance (“GRC”) program. While the keys to success are fairly straightforward, it is surprising how many companies fail to address them prior to selecting a technology solution. The keys to success are:

  1. Define what ERM or GRC means to your organization.
  2. Survey your organization’s regulatory and compliance landscape.
  3. Determine the most logical entry point and develop a phased approach.
  4. Establish a clear business case, considering both short-term and long-term value.
  5. Determine how success will be measured.

Interestingly, the author of the article is a representative of one of the major GRC technology vendors. While some vendors may want companies to rush to a purchase decision, this author agrees it is critical for companies to gain this perspective prior to evaluating solutions. He states,

“With these steps complete, you will be in a much stronger position to qualify vendors and solutions and to determine the best fit for your organization, based on a well-defined project scope and equally well-defined business requirements and associated benefits.”

Wheelhouse Advisors can provide an independent viewpoint and work with your company to achieve the keys to success. Visit to learn more.