Managing risks that affect the business is a fundamental activity, as these risks influence an organisation’s performance, reputation and future success. With this, the enterprise governance, risk & compliance (GRC) framework is steadily becoming an integral and vital element for enabling financial institutions to operate profitably and effectively. In today’s environment, organisations have started to perceive the GRC framework as a tool to provide better corporate governance and performance, rather than it simply being a risk register of their assessments as it has been in the past.
Risk versus reward:
Though risk/reward are two sides of the same coin, it is often looked at and managed in silos. The GRC framework in recent few years has become quite systematic, informative and advanced. It is increasingly becoming the tool of oversight for boards of directors. Hence, organisations are now trying to adopt much more coherent, board-led frameworks for GRC that communicate with all risk departments.
The GRC framework has also seen itself converging with financial crime and compliance systems of late. There are enough touch points between financial crime and compliance management systems and GRC systems to ensure a reduction in financial crime and operational risk losses.
Compliance management within the GRC framework has also gained momentum. It has its natural interaction with operational risk, but of more value are the compliance workflows, which aid actual compliance execution, tracking and monitoring and, hence, interjecting compliance assessments with actual facts. There has been a shift in the compliance paradigm from being simply rule books to becoming comprehensive risk-based compliance management.
Though organisations are quite focused on risk and performance independently, and continue to improve these practices extremely effectively, the convergence of these aspects in order to add value to one another has been missing. Setting up the risk and performance objectives and then combining them with the right risk appetite levels could facilitate very useful business portfolio decisions against risk/reward.