GRC (Governance, Risk and Compliance): buzzword, nefarious plot or a new trend?
Thursday, May 3rd, 2007Governance, Risk and Compliance, or GRC for short, is a common phrase these days, especially in traditional auditing circles. Its proponents argue that it represents the start of a necessary effort to break down barriers that divide corporate oversight activities into needlessly competing silos. They argue that governance and compliance failures represent some of the biggest risks facing businesses today. Needless to say, Enron and WorldCom are prominent in these discussions.
No one can argue with the idea that a well understood and widely respected risk culture is essential for effective risk management. Furthermore, good governance starts at the top. If senior management does not take the lead there is little chance of maintaining a sound attitude toward risk in the rest of the organization.
On the other hand, a cynic might say that this is an effort by auditors and other compliance professionals to regain some turf lost to the growing role of financial risk management as a distinct professional activity.
So, is GRC:
- a new buzzword that will soon be forgotten?
- a nefarious plot by traditional control staff to recoup lost influence?
- a much needed and long overdue reform?
- none of the above?
What is your view?
