On July 11, 2012, SAP Radio featured four experts on the topic of Governance, Risk and Compliance (GRC). They each brought their own special insights to this broad topic, and the conversation was high-energy and spirited. A common theme from the show was the need to break down company silos in order for an enterprise information governance strategy to be defined, executed and measured.
The show opened with a very strong statement from Dr. Parveen Gupta, Department Chair of Accounting at Lehigh University: “Today, nothing is more fundamental to business and more vexing to a company’s directors than effective risk governance… a failure in risk oversight could be interpreted by the regulators and the courts as a breach of fiduciary duty by the Board.”
This implies that more is at stake than business concerns: there is a responsibility at a legal level as well. He also cited two Senior Supervisor’s reports that concluded the global financial meltdown was a result of poor risk management and oversight.
Barry Murphy, co-founder and Principal Analyst with The eDJ Group, focused on the business concerns without ignoring the legal aspects. “Good information governance allows companies to get value out of information while minimizing the costs associated with information events like litigation or regulatory requests,” he said.
With the needs and risks clearly established by Dr. Parveen Gupta and Barry Murphy, Fiona Williams of Deloitte & Touche brought up the need for an enterprise-wide strategy. “Every organization will face uncertainty and risk ─ the effectiveness of how you deal with governance, risk and compliance (GRC) is what separates market leaders.” She went on to address the challenge of unifying risk efforts across the organization, what an effective methodology looks like, and the role leadership plays. I believe she even coined a term in the conversation, Risk Intelligence.
Bruce McQuaig, Director, Solution Marketing for SAP Governance, Risk and Compliance Solutions, opened his comments with a concern for the value of a governance program. “Risk management practices are too often failing to meet the value test. Practitioners are looking for the wrong risks in all the wrong places,” he said. McQuaig also shared a three-step methodology built around specific value questions that need to be answered to ensure the business is getting value out of a program.
While we traditionally understand the “C” in GRC to mean compliance, the panel suggested that it should also mean control, costs and culture. Fraud, social media and mobile devices all played a role in this conversation. Dr. Gupta put a humorous spin on the Libor scandal, saying it is now spelled Liebor.
The panel clearly made the case that there is a competitive advantage in knowing your company’s risks and effectively managing your enterprise data. Moreover, they concluded that ignoring the risks can have detrimental effects on the company and on the freedom and liberty of its leadership.
Listen to SAP Coffee Break with Game-Changers presents GRC: Risky Business: Time for Governance here. And Tweet your comments to #SAPRadio.