Governance, Risk Management and Compliance, in context

There are a number of key business processes that help companies achieve control over and manage their operations. While many activities and functions contribute to the overall running and performance of a company, some of these critical functions require the synergistic advantage of an integrated approach: the creation of a whole that is far more than merely the sum of its parts.

Governance is the culture, values, mission, structure and layers of policies, processes and measures by which a company is directed and controlled. Risk Management, in this context, addresses the likelihood of something happening that will have an effect on achieving business objectives (most importantly, but not exclusively, an adverse effect), and therefore follows the systematic application of processes and structures that enable an organization to identify, evaluate, analyze, optimize, monitor, improve, or transfer risk while communicating risk and risk decisions to stakeholders. The overriding goal of risk management is to realize potential opportunities while managing the adverse effects of risk. Compliance is the act of adhering to, and the ability to demonstrate adherence to, mandated requirements defined by laws and regulations, as well as voluntary requirements resulting from contractual obligations and internal policies.

Implementing proper stewardship in any one of these focus areas requires that companies avoid information silos, ensure information transparency, and apply processes consistently throughout the organization. These requirements can only be met through the implementation and maintenance of an integrated compliance framework. Integration of these business functions does not mean consolidation of services. Integrating these services means coordinating activities that overlap, to ensure a flow of consistent information throughout the organization and to enhance the efficient use of resources. In this manner, companies can replicate improvements in one GRC area across the other GRC areas in the enterprise. In this way, the need to improve efficiency and implement cost control in business process improvements can be accommodated by expanding the security aspect of a business process. This benefits the business through cost savings, efficiency, shareholder value, client service and compliance.

BCS’ main mission with our solutions is to build a program of people, processes and technology that enables companies to:

  • realize and prioritize stakeholder expectations;
  • set business objectives congruent with values and risks;
  • achieve objectives while optimizing risk profile and protecting value;
  • operate within legal, contractual, internal, social and ethical boundaries;
  • provide relevant, reliable and timely information to appropriate stakeholders; and
  • enable the measurement and management of the performance and effectiveness of the system.

There are twelve key domains that we actively review for applicability to a company’s business environment and for compliance with existing laws and policies, and that we implement as appropriate. Not all companies require the same rigor in every domain, but where a domain is applicable to the company’s business, it is tailored and developed for adoption and implementation.

The key components are:

  1. Risk Management
  2. Policy Management
  3. Organizing Information Security
  4. Asset Protection
  5. Human Resource Security
  6. Physical and Environmental Security
  7. Communication and Operations Management
  8. Access Control
  9. Information Systems Acquisition, Development and Maintenance
  10. Incident Management
  11. Disaster Recovery Management
  12. Compliance

Together these domains represent the components of a framework for developing a GRC program, which must be a core business value of the organization. The components provide value to a company’s business by ensuring the reliability, integrity, and confidentiality of the information and facilities used by the organization, and by improving the overall robustness of the organization’s security infrastructure.

A successful GRC program ALWAYS supports business, builds value and aligns with the company’s mission, goals, and objectives.