Fallout from Bailout Bill Will Bring GRC Process into Greater Focus

Our longtime friend Michael Rasmussen of Corporate Integrity has once again sent a thoughtful email to advise us that the execution of Governance, Risk and Compliance policies will be changing again after Congress passed the financial bailout legislation last week. More and more investors and stakeholders will demand greater oversight of business operations because of what has happened to Wall Street and the investment banking industry. The current financial “spill” is not unlike an oil spill; it may be inadvertent, but it leaves behind a toxic environment.

The speed with which events multiplied to destroy century-old firms tells us that companies cannot afford to have systems that are outdated or siloed anymore. Risk can come from anywhere, at any time. Managing risk well demands an investment in the latest information technologies for collecting, analyzing and reporting information. Organizations all over the world, especially large global enterprises, will not be able to raise capital without proof that they are adequately managing business risk and market risk. In addition, stakeholders are looking to management to enhance EHS sustainability for more favorable corporate responsibility reporting.

Businesses that must comply with environmental, health and safety regulations are not immune to this trend. We have seen increasing year-over-year regulations for the past thirty years. This trend is not going to stop; rather, regulators are now empowered to both adopt and enforce an increasing number of regulations on behalf of their constituencies.

Here’s a list of questions Rasmussen suggests business leaders ask themselves right away:

• Do you have the correct risk management oversight across business operations and relationships?
• Do you have appropriate compliance processes?
• Do your compliance processes get to the principle of the matter; or are they simply about checking a requirement?
• Are the values and code of conduct of the corporation adequately defined and communicated?
• Are people properly trained on the expectations set before them?
• Are risk and compliance managed across business relationships?
• How do Governance, Risk and Compliance practices intersect and support corporate responsibility?

We have been urging that businesses ask these questions. It is more important than ever in the current environment. Are your GRC processes set up to be a holistic ecosystem or are they just a set of applications that don’t prompt your company’s managers to talk to each other or the C-suite?

Add comment October 6th, 2008