GRC Controllers




Newsletter | Volume 1

Issue I
Issue II
Issue III
Issue IV
Issue V
Issue VI
Issue VII
Issue VIII
Issue IX
Issue X

click here to

Subscribe to our newsletter



To Unsubscribe click here

If you don't know where your Governance, Risk Management and Compliance (GRC) processes are headed, any path may take you there. However we suggest developing your own roadmap to reach your desired destination



There is a conflict of interest issue within the organization, when management focuses is on overcoming idle operational practices throughout the organization but the underlying divisions and business units have a different interest than the corporate.

Putting in place the right level and combination of GRC policies and processes, may often require management to rethinking the company's strategic- and financial-planning structure.

After attending the Copenhagen Compliance Conference you probably will identify the components and find that the rewards will make the effort worthwhile. Several of the Key Note speeches will focus on how to escape the tyranny of idle operational practices of check the box controls into creating more dynamic portfolios out of the box.

When you want to develop a Governance, Risk Management and Compliance agenda, it's helpful to have an achievement objective and a time frame in mind with milestones and thresholds. Where to place the GRC bar, what is the risk appetite, do we have an IT platform that can handle the GRC processes are a few of the questions that should not be answered in clear terms. The right answers may change or improve the business environment without creating additional burdens or bureaucratic processes in the organization.

Further you will get detailed information to inspire you to structure your responses to your GRC processes based on a roadmap. Several experts will define how to move beyond generic GRC statements, such as strengthen our internal controls or continue to mitigate our risks. In order to identify dangerous business processes and create a foundation for prudent GRC, Bribery, Fraud and Corruption potholes, you need to ensure adequate commitment, talent, and other resources to achieve the goals.

After setting the GRC targets the organizations and companies need to define the mechanisms for monitoring, revisiting and adjusting them over time. We suggest a quarterly review of GRC process based on our checklist that examines the performance of the pre defined core GRC processes against the matrix and measures:

  1. Allocate GRC resources with agility. Business units must not be overburdened with new demands that diminish the impact of corporate GRC policies and strategies.
  2. Do not adopt a mind-set of “more controls are better, but on evidence that prompt questions yielding strategic GRC insights.
  3. In broad terms do not oversimplify the GRC choices.
    • Focus on the four fundamental GRC activities related to seeding, nurturing, pruning, and harvesting. Seeding is implementing new GRC controls. Nurturing involves building up the existing controls to fit the changes business environment, Pruning takes the resources and controls away from redundant processes or double controls thru a holistic approach, and finally, harvesting is reaping the rewards of the GRC undertaking.
  4. Implement processes to mitigate idle GRC operational practices.
    • A systematic GRC processes can strengthen the planning and management processes that generate a rough view of the GRC opportunities. When senior management does not take the helicopter view you are unable to prioritize and benchmark your GRC controls.

One of the many panel or round table discussion during the Copenhagen Compliance Conference are:

Discussion. Is Good Governance is Good Business?

A common GRC challenge all over the world, is in finding fresh ways to make enterprise GRC Strategies That Increase Efficiencies Across the Organization
  • How to reduce redundancy and repetition, improve efficiency and consistency, and keep everyone aware of what's going on across risk, compliance, and audit functions.
  • How do we address and unify GRC initiatives that deliver an integrated program that empowers decision making and enables cross collaboration across different business units as they tackle diverse key initiatives to gain stronger insights, and make all elements of GRC relevant for the global workforce.

Panelists: Mr. Rob van Straten, Jens Røder, Hege Sjø, Simon Collins, Luka Lu Moderator, Lady Olga Maitland. Co-chair Mariano Davies