It seems that my piece in the June edition of Risk Management Magazine caused some contraversy, and even drew a letter to the editor from the President of the Risk Management Institution of Australia.  This is all healthy debate as it forces us to assess whether learned approaches are still relevant, or whether we’re just keeping a wary eye on the deckchairs (while forgetting to look out for icebergs).

To see the rebuttal, have a look at page 3 of the July edition of Risk Management Magazine here.  And to see the original article which caused the contraversy, click here for page 3 fo the June edition.  (Now locked down, here’s the web version).

For more information on how strategy, risk, governance and assurance come together, please click here.

Governance Risk and Compliance – The Great Risk Con, Todd Davies, Risk Management Magazine, June 2008

GRC as a term is popping up everywhere. It seems that all companies that used to sell audit software are now “GRC companies”, recruiting firms that used to hire auditors and company secretaries now have a “GRC practice” and GRC conferences are popping up all over the place.

So what is GRC? Is it something new that we need to be across? Or is it the latest bit of marketing spin used by software companies to lure new buyers?

Read the full article on Risk Management Magazine’s website here.

Key points

• GRC is an amalgam of a range of different disciplines and functions which don’t always sit nicely together.
• The term seems to stem from “big software” who are keen to create, consolidate and capture new markets.  It blurs lines and does little to aid understanding of the various segments and providers in this space.
• When selecting GRC software it is important to understand exactly what you want to achieve before looking at GRC solutions.  One size does not yet fit all.
• Compliance is only a subset of risk and governance.  By lumping GR&C together there is an increased chance that compliance will dominate, and that strategic risk will continue to be overlooked
• An alternative construct could be to link risk, governance and assurance together with strategy.  This aligns with the intent of ASX Principle 7 and broader shareholder and stakeholder interests.

Related links

• Navigating the GRC Maze – Understanding GRC Solutions and Software Selection
• SRGA – Strategy, Risk, Governance and Assurance
• Enterprise Governance – bringing strategy, risk, governance and assurance functions together

The number of software offerings in the space has increased, and the marketing spin is increasing which means that unless you are a highly experienced and sophisticated buyer with a track record in software selection in this space, your chances of making a poor selection are high.

TDA understands the GRC market.  We understand the strengths and weaknesses of different providers and can guide you through the selection process.

We can help you:

1. Understand the different possibilities including in this space such as continuous control monitoring, computer-assisted audit techniques, audit follow-up, data mining, control self-assessment, SOX compliance, risk assessment, legislative compliance, policy compliance, legislative training and integrated solutions.
2. Be very clear on what your specific needs are, including developing your strategy for enterprise governance.
3. Determine whether you require a generalised or niche solution
4. Understand what the most cost-effective solutions are
5. Be clear on which solutions have the strongest support base and longevity
6. Negotiate the right price

For more information, contact us.

Strategy, risk, governance and assurance

“Corporate governance, sustainability and strategy have become inseparable.  They are inextricably linked.” Mervyn E. King

A lot of firms specialise in strategy, risk, governance or assurance, but few seem to bring them all together. In everything TDA does, we bring the other disciplines to it, whether using risk management to underpin delivery of your strategy, or getting strategic alignment with these areas.

Please click on a link below to find out more.

Governance & Leadership

• Enterprise Governance – getting everyone on the same page
• Enterprise Resilience – positioning for prosperity in the face of dramatic change
• Compliance with the ASX Corporate Governance Council Principles and Recommendations

Strategy

• Relevance regained – strategic planning for NGOs
• Strategic risk and emerging risk capability

Risk & Assurance

• Fine tuning your Internal Audit function – Internal Audit transformation & quality reviews
• Getting the most out of internal audit sourcing – outsourcing, cosourcing and partnering
• Navigating the GRC maze – understanding GRC solutions and software selection
• Getting what was promised – project assurance and project risk management