By definition, a governance, risk and compliance strategy is designed to protect corporate assets by preparing for and alleviating corporate legal liabilities. But could a comprehensive GRC program not only help mitigate corporate risk, but also improve business processes and profits?
Focusing GRC achieves big leaps forward by aligning and resonating [with overall business] efforts.
Lance J. Freedman,
IT strategy lead, Lockheed Martin Corp.
According to some experts, the answer is yes.
"A solid, comprehensive GRC [governance, risk and compliance] program gives everyone a compass to always find 'true north,'" said Lance J. Freedman, an IT strategy lead at Lockheed Martin Corp. "Changes in regulations, organizational structures and deliverables make it easy for any employee to lose track of what really matters. Successful GRC gives everyone the tools to do what's right."
Freedman is among the presenters at the Chicago 2012 Governance, Risk Management and Compliance Summit, taking place Oct. 23-25. Attendees can expect to learn the benefits of a successful GRC framework, the necessary components for successful integration of that framework, and how to align a GRC program with business objectives, the summit's organizers said.
The summit will explain how organizations can link all governance, risk and compliance aspects to create more holistic organizational frameworks, said Ben Zvaifler, conference director at the Global Strategic Management Institute, which organized the summit.
"A lot of times, organizations don't have a centralized GRC department, so we market the event to people across all the different frameworks, all the different organizational silos," Zvaifler said. "It's really across the board."
Taking a focused, targeted approach to GRC programs can provide huge benefits to the business as a whole, Freedman said. At the Chicago GRC Summit, Freedman will discuss the value in integrating a GRC control framework, and share how organizations can build their own.
By implementing a proven GRC structure and methodology, it helps organizations measure and manage emerging GRC program -- and organization-wide -- needs.
"Focusing GRC achieves big leaps forward by aligning and resonating [with overall business] efforts," Freedman said.
More on GRC strategy
How emerging technology both helps -- and harms -- GRC strategy
Free GRC tools for compliance pros
Implementing these GRC program strategies does take some work, however, and it does not end with the implementation. Because GRC influences the entire organization, companies need to coordinate initial education and follow-up training with all relevant departments and employees.
The success of the GRC program will likely depend on that communication, Freedman said. He compared GRC programs to marathons, with the fastest runners up front dashing ahead the moment any steps are implemented, while other runners take much longer to even reach the starting line. The goal is to get everyone on the same page -- even if it takes time and patience.
"Measure the success of a GRC program by how quickly both the 'sprinters' and the 'walkers' hear and react to changes," Freedman said.
In addition to Freedman, speakers at the Chicago GRC Summit include representatives from big-name companies such as Capital One Financial Corp., Petco and ETrade. Many of the education sessions will take a case study approach and provide real-life examples for attendees, Zvaifler said.
"It gives attendees more practical information; case studies show what people are doing throughout the entire organization to make these things work," Zvaifler said. "They usually give step-by-step examples of what they've done, what they've had success with and also, a lot of times, what didn't work."
For more information on the Chicago GRC Summit, visit the GRC Summit website.