To see the rebuttal, have a look at page 3 of the July edition of Risk Management Magazine here.  And to see the original article which caused the contraversy, click here for page 3 fo the June edition.  (Now locked down, here’s the web version).

For more information on how strategy, risk, governance and assurance come together, please click here.

To subscribe to this series of occasional articles and case studies, please click here.

Governance Risk and Compliance – The Great Risk Con, Todd Davies, Risk Management Magazine, June 2008

GRC as a term is popping up everywhere. It seems that all companies that used to sell audit software are now “GRC companies”, recruiting firms that used to hire auditors and company secretaries now have a “GRC practice” and GRC conferences are popping up all over the place.

So what is GRC? Is it something new that we need to be across? Or is it the latest bit of marketing spin used by software companies to lure new buyers?

Read the full article on Risk Management Magazine’s website here.

Key points

• GRC is an amalgam of a range of different disciplines and functions which don’t always sit nicely together.
• The term seems to stem from “big software” who are keen to create, consolidate and capture new markets.  It blurs lines and does little to aid understanding of the various segments and providers in this space.
• When selecting GRC software it is important to understand exactly what you want to achieve before looking at GRC solutions.  One size does not yet fit all.
• Compliance is only a subset of risk and governance.  By lumping GR&C together there is an increased chance that compliance will dominate, and that strategic risk will continue to be overlooked
• An alternative construct could be to link risk, governance and assurance together with strategy.  This aligns with the intent of ASX Principle 7 and broader shareholder and stakeholder interests.

Related links

• Navigating the GRC Maze – Understanding GRC Solutions and Software Selection
• SRGA – Strategy, Risk, Governance and Assurance
• Enterprise Governance – bringing strategy, risk, governance and assurance functions together

To subscribe to this series of occasional articles and case studies, please click here.

TDA understands the GRC market.  We understand the strengths and weaknesses of different providers and can guide you through the selection process.

We can help you:

1. Understand the different possibilities including in this space such as continuous control monitoring, computer-assisted audit techniques, audit follow-up, data mining, control self-assessment, SOX compliance, risk assessment, legislative compliance, policy compliance, legislative training and integrated solutions.
2. Be very clear on what your specific needs are, including developing your strategy for enterprise governance.
3. Determine whether you require a generalised or niche solution
4. Understand what the most cost-effective solutions are including whether to buy, replace, build or configure
5. Be clear on which solutions have the strongest support base and longevity
6. Negotiate the right price

For more information, contact us.

To subscribe to this series of occasional articles and case studies, please click here.

TDA has track record in brining these functions together for greatest impact.  We can help to ensure:

• Duplication between assurance functions is minimused
• Assurance programs are focused on what really matters
• Risk management has a top-down view of strategic risks
• Emerging risk capability informs the strategy and risk functions
• Strategic risk insight informs the strategy process
• Strategy drives capability development

To find out more, contact us.

To subscribe to this series of occasional articles and case studies, please click here.

The session will be co-chaired with Jon Isaacs, an Audit Committee Chair of a number of government agencies where they will facilitate a discussion relevant to all sectors on what makes a good Audit Committee.

The session will be held on Tuesday March 4, 2008 at 11:15am at the Sydney Convention Centre in Sunny downtown Pyrmont.  For more information on the conference, click here.

To subscribe to this series of occasional articles and case studies, please click here.

So what does all this mean?  Well three things really:

• Great governance should be common sense
• Great governance shouldn’t be difficult to implement
• You shouldn’t have to spend large sums of money on compling or writing disclosure statements.

Our offering is really simple and is aimed at small and mid-cap companies:

• We’ll tell you quickly whether you comply already – and make sure you get credit for what’s already in place
• In the areas where you don’t comply, we’ll see if you already have mechanisms which address the spirit of the principles – again making sure you get credit for being a well governed organisation
• If you don’t comply and don’t have a good mechanism, we’ll give you guidance on whether this matters to your company, to the market and what easy and quick solutions are available to you.
• In rare cases when the answer isn’t a simple one, we’ll give you the answers straight and steer you to a cost effective path.

There are many quick wins in this area, and we’ll make sure you’re across them.

Why TDA?

Todd Davies has been a practitioner representative on the ASX Corporate Governance Council since shortly after the first principles and recommendations were released and was a member of the working group on Principle 7 (Recognise and Manage Risk).  He has deliberately positioned himself as a pragmatist on the group with a sense of how to make the principles useful in practice, and practical to implement.

Perhaps more importantly, Todd believes that this should be an area which common sense prevails and not one where consultants generate large fees.  We encourage you to hold us to that!

To subscribe to this series of occasional articles and case studies, please click here.

There was a particular interest in what this will mean to other sectors.  While it’s difficult to predict in detail, I’d suggest that the one to watch is the new recommendation 7.2.  The crux of the wording of this is that rather than just going through a process, management now need to form a view on whether their risks are being effectively managed and report this through to the Board.  This means that risk management can no longer suffice as a standalone process, but must be truly embedded into the governance processes of the organisation, and that due diligence will have to be done on the output of any risk process.  As I found in my last head of audit & risk role, such a signoff requires significant gear changes in thinking to make it effective and relevant.  It’s going to be an exciting time for risk management for those people on the front foot.

Download the presentation here:
Updated ASX Corporate Governance Principles & Guidelines

If you are looking for assistance with compliance with the Principles & Recommendations, please click here.

To subscribe to this series of occasional articles and case studies, please click here.

• Clarity and unity of vision and sponsorship by internal stakeholders
• Clarity of responsibility between the various assurance, risk and compliance functions
• Efficiency in delivery
• Optomisation of risk and assurance coverage
• Increased risk-sensing ability
• Streamlined implementation with minimal false-starts

In short, bigger bang for buck and more engaged and satisfied stakeholders.

Please click on a link below to find out more about the type of work we typically get involved with.

Vision

• Vision setting
• Benchmarking
• Internal audit self assessment
• Enterprise governance framework

Enabled by High Performing Teams

• The Virtual Chief Audit Executive
• Getting the most out of internal audit sourcing
• Coaching for rising stars
• Getting the right staff on board

Powered by Leading Practices

• Internal audit transformation
• Audit committee best practices
• Assessing the adequacy of your risk framework
• Understanding GRC software solutions
• Strategic risk and emerging risk capability
• Stress testing your risk profile
• Compliance with the ASX Corporate Governance Council Principles and Recommendations

To subscribe to this series of occasional articles and case studies, please click here.

He is also a regular author and commentator on leading practices in these areas and writes a monthly thought piece in Risk Management Magazine.

Recent Articles and White Papers

TDA’s articles and case studies are now available free of charge via an occasional email newsletter.  A sample is set out below.

• Risk management – part of the problem or part of the solution? | Risk Management | September 2011
• Could internal audit have prevented the News Corp Scandal? | Risk Management | August 2011
• Strategic Risk Management? | Risk Management | July 2011
• Why internal audit practice always lags and GRC snakeoil salesmen are alive and well | Risk Management | May 2011
• Time to Mandate Internal Audit? | Risk Management | April 2011
• Need for change to ASX Corporate Governance Principles – Risk Assurance? | Risk Management Today | March 2011
• All gone to custard – another take on assurance maps | The Davies report | March 2011
• A look back at the top 10 risks for 2010 | The Davies report  | January 2011
• Black Swans, Turkeys, Ostriches and other Christmas Poultry – a tale of Strategic Risk | Risk Management Today  | July 2010
• Is your risk framework adequate? Questions directors, investors and the C-suite should ask | Risk Management Today  | June 2010
• A Look Ahead: Top Risks for 2010 and beyond | Internal Auditor  | February 2010
• AXA, Perpetual, Challenger – As the backloop grows stronger it draws more entities in | resilientfutures.org  | October 2008
• Resilient leadership? | resilientfutures.org  | August 2008
• Carbon Pollution Reduction Scheme – Main Event or a Side Show? | resilientfutres.org | August 2008
• Shell shocked | Risk Management Magazine | July 2008
• What can we learn from the WA Gas crisis? | resilientfutures.org | June 2008
• GRC – The Great Risk Con | Risk Management Magazine | June 2008
• Allco, ABC, Babcock. Should we have seen these coming? | resilientfutures.org | June 2008
• Are you being a reckless leader without realising it? | reslientfutures.org | May 2008

Public comment

Todd spent two years with the Institute of Internal Auditors as Australia’s inaugural Technical and Policy Director and was their spokesman, technical advisor and author on technical, policy and advocacy matters in relation to governance, risk, control, audit, assurance and related matters in Australia. Some highlights are listed below.

• Auditors are Compromised, Studies Show | An interview with Todd Davies on a range of issues to due with internal audit regulation in Australia. | Australian Financial Review | 3 April 2009
• Engaging with Internal Auditors | Todd explains how to make the Director / Internal Auditor relationship easy and useful for Boards. | The Boardroom Report, AICD | 12 August 2008
• Both sides of the story | Todd quoted on the need for independent directors and learnings form the GFC. | Monash Business Review |  November 2008

To subscribe to this series of occasional articles and case studies, please click here.

Todd Davies has been helping shape the risk and assurance landscape globally for more than a decade. Todd Davies & Associates works with Australia’s most respected companies to get the greatest impact out of their internal audit and risk functions.

We help leading organisations to:

• Define a vision for risk and assurance in their organisations
• Understand existing practices and what’s possible
• Develop and select the right strategies
• Put the right capabilities, structures and resources in place
• Realise their vision

We act as a sounding board, architect and coach throughout the process and assist with implementation where required.

We also work to develop and drive new practices into the risk and audit professions through our thought leadership series, articles, training, speaking circuit, social media and ground breaking work that we do with our clients.  We are proud to showcase this work and many of our case studies and thought pieces are available free of charge on this site.

Please feel free to read one of our news items and thought pieces from the left hand side of the site, subscribe to The Davies Report, or work your way through the menu at the top of our site to find out more about our services, case studies, testimonials and other ways to link with us and and our network of leading practitioners, clients and colleagues.

We look forward to joining with you to set new norms and leading practices.

To subscribe to this series of occasional articles and case studies, please click here.