GRC (Governance, Risk Management, and Compliance) is a fairly new and increasingly recognized term that reflects a way in which organizations can adopt an integrated approach to these three areas. Governance is the responsibility of senior executive management in setting the "tone at the top" of an organization. Risk Management leverages internal controls to manage and mitigate risk throughout an enterprise. Compliance is the process that records and monitors the policies, procedures and controls needed to enable compliance with Government regulations as well as internal policies and procedures.
There has been a definite shift in Governmental oversight activities from one that looks at a lot of individual transactions to one that relies on effective control activities to ensure the propriety of costs charged to Government contracts. This is evident not only in the audit environment but also in contract administration, quality control, earned value management, and government property. An effective GRC program will significantly enhance a company's internal controls and facilitate Governmental oversight as well.
A large number of companies are now offering software that helps companies develop and maintain GRC systems. The software, however, is still very expensive and probably not affordable for small companies. We would like to see a decent application priced along the lines of QuickBooks. At this time, we have nothing to recommend to small companies.
The cost of the software, while expensive, is probably only a small part of the overall cost of implementation. Implementing a GRC system will also require a significant amount of development and implementation labor at the front-end as well as on-going effort to maintain the system and to ensure compliance.
If you wish to read more about this subject, a good place to start is the Wikipedia entry for GRC.