To see the rebuttal, have a look at page 3 of the July edition of Risk Management Magazine here.  And to see the original article which caused the contraversy, click here for page 3 fo the June edition.  (Now locked down, here’s the web version).

For more information on how strategy, risk, governance and assurance come together, please click here.

To subscribe to this series of occasional articles and case studies, please click here.

Governance Risk and Compliance – The Great Risk Con, Todd Davies, Risk Management Magazine, June 2008

GRC as a term is popping up everywhere. It seems that all companies that used to sell audit software are now “GRC companies”, recruiting firms that used to hire auditors and company secretaries now have a “GRC practice” and GRC conferences are popping up all over the place.

So what is GRC? Is it something new that we need to be across? Or is it the latest bit of marketing spin used by software companies to lure new buyers?

Read the full article on Risk Management Magazine’s website here.

Key points

• GRC is an amalgam of a range of different disciplines and functions which don’t always sit nicely together.
• The term seems to stem from “big software” who are keen to create, consolidate and capture new markets.  It blurs lines and does little to aid understanding of the various segments and providers in this space.
• When selecting GRC software it is important to understand exactly what you want to achieve before looking at GRC solutions.  One size does not yet fit all.
• Compliance is only a subset of risk and governance.  By lumping GR&C together there is an increased chance that compliance will dominate, and that strategic risk will continue to be overlooked
• An alternative construct could be to link risk, governance and assurance together with strategy.  This aligns with the intent of ASX Principle 7 and broader shareholder and stakeholder interests.

Related links

• Navigating the GRC Maze – Understanding GRC Solutions and Software Selection
• SRGA – Strategy, Risk, Governance and Assurance
• Enterprise Governance – bringing strategy, risk, governance and assurance functions together

To subscribe to this series of occasional articles and case studies, please click here.

TDA understands the GRC market.  We understand the strengths and weaknesses of different providers and can guide you through the selection process.

We can help you:

1. Understand the different possibilities including in this space such as continuous control monitoring, computer-assisted audit techniques, audit follow-up, data mining, control self-assessment, SOX compliance, risk assessment, legislative compliance, policy compliance, legislative training and integrated solutions.
2. Be very clear on what your specific needs are, including developing your strategy for enterprise governance.
3. Determine whether you require a generalised or niche solution
4. Understand what the most cost-effective solutions are
5. Be clear on which solutions have the strongest support base and longevity
6. Negotiate the right price

For more information, contact us.

To subscribe to this series of occasional articles and case studies, please click here.

TDA has track record in brining these functions together for greatest impact.  We can help to ensure:

• Duplication between assurance functions is minimused
• Assurance programs are focused on what really matters
• Risk management has a top-down view of strategic risks
• Emerging risk capability informs the strategy and risk functions
• Strategic risk insight informs the strategy process
• Strategy drives capability development

To find out more, contact us.

To subscribe to this series of occasional articles and case studies, please click here.

The session will be co-chaired with Jon Isaacs, an Audit Committee Chair of a number of government agencies where they will facilitate a discussion relevant to all sectors on what makes a good Audit Committee.

The session will be held on Tuesday March 4, 2008 at 11:15am at the Sydney Convention Centre in Sunny downtown Pyrmont.  For more information on the conference, click here.

To subscribe to this series of occasional articles and case studies, please click here.

So what does all this mean?  Well three things really:

• Great governance should be common sense
• Great governance shouldn’t be difficult to implement
• You shouldn’t have to spend large sums of money on compling or writing disclosure statements.

Our offering is really simple and is aimed at small and mid-cap companies:

• We’ll tell you quickly whether you comply already – and make sure you get credit for what’s already in place
• In the areas where you don’t comply, we’ll see if you already have mechanisms which address the spirit of the principles – again making sure you get credit for being a well governed organisation
• If you don’t comply and don’t have a good mechanism, we’ll give you guidance on whether this matters to your company, to the market and what easy and quick solutions are available to you.
• In rare cases when the answer isn’t a simple one, we’ll give you the answers straight and steer you to a cost effective path.

There are many quick wins in this area, and we’ll make sure you’re across them.

Why TDA?

Todd Davies has been a practitioner representative on the ASX Corporate Governance Council since shortly after the first principles and recommendations were released and was a member of the working group on Principle 7 (Recognise and Manage Risk).  He has deliberately positioned himself as a pragmatist on the group with a sense of how to make the principles useful in practice, and practical to implement.

Perhaps more importantly, Todd believes that this should be an area which common sense prevails and not one where consultants generate large fees.  We encourage you to hold us to that!

To subscribe to this series of occasional articles and case studies, please click here.

There was a particular interest in what this will mean to other sectors.  While it’s difficult to predict in detail, I’d suggest that the one to watch is the new recommendation 7.2.  The crux of the wording of this is that rather than just going through a process, management now need to form a view on whether their risks are being effectively managed and report this through to the Board.  This means that risk management can no longer suffice as a standalone process, but must be truly embedded into the governance processes of the organisation, and that due diligence will have to be done on the output of any risk process.  As I found in my last head of audit & risk role, such a signoff requires significant gear changes in thinking to make it effective and relevant.  It’s going to be an exciting time for risk management for those people on the front foot.

Download the presentation here:
Updated ASX Corporate Governance Principles & Guidelines

If you are looking for assistance with compliance with the Principles & Recommendations, please click here.

To subscribe to this series of occasional articles and case studies, please click here.

Strategy, risk, governance and assurance

“Corporate governance, sustainability and strategy have become inseparable.  They are inextricably linked.” Mervyn E. King

A lot of firms specialise in strategy, risk, governance or assurance, but few seem to bring them all together. In everything TDA does, we bring the other disciplines to it, whether using risk management to underpin delivery of your strategy, or getting strategic alignment with these areas.

Please click on a link below to find out more.

Governance & Leadership

• Enterprise Governance – getting everyone on the same page
• Enterprise Resilience – positioning for prosperity in the face of dramatic change
• Compliance with the ASX Corporate Governance Council Principles and Recommendations

Strategy

• Relevance regained – strategic planning for NGOs
• Strategic risk and emerging risk capability

Risk & Assurance

• Fine tuning your Internal Audit function – Internal Audit transformation & quality reviews
• Getting the most out of internal audit sourcing – outsourcing, cosourcing and partnering
• Navigating the GRC maze – understanding GRC solutions and software selection
• Getting what was promised – project assurance and project risk management

To subscribe to this series of occasional articles and case studies, please click here.