



FELICITATIONS FROM




     SURAKSHA SUCCESS SYSTEMS 2011




Welcome to




 SURAKSHA SUCCESS SYSTEMS 2011



         Mainstreaming GRC
                into the
           Business Process
                   by
        Sunil KOHLI, IDAS ndc
           Indian Defence Accounts Service
  Joint Secretary and Financial Adviser,
 National Disaster Management Authority
              (NDMA) and
National Disaster Response Force (NDRF)






              Key Focus

“An Organization’s Reputation, Valuation
 and Profitability are directly linked to
 Good Governance, Effective and Real-time
 Risk Management, and adherence to
 regulatory Compliance”







  Mainstreaming GRC into the Business Process

• Mainstreaming GRC into the Business Process
  essentially means looking critically at each activity that
  is being planned, not only from the perspective of that
  business process activity, but also from the perspective
  of embedding GRC attributes into that process so that it
  addresses the GRC concerns.






           Business Process




GRC






 MAINSTREAMING ………..
• GRC strategies and measures are most effective when
integrated into the framework of overall business
Process.
• GRC should not be considered as an end in itself which
requires incorporation into Business Process but rather as
an integral component of all Business Process in the first
place.
• Hence, a central theme of mainstreaming is to address
GRC concerns within the Business Process context and
ensure that Business Process, Policies, Projects and
Programmes do not unwittingly create new forms of
vulnerability.




  NATIONAL DISASTER
MANAGEMENT AUTHORITY
       (NDMA)






       NDMA: DM ACT 2005
• The Disaster Management Act, 2005
  established the National Disaster Management
  Authority (Apex Body) at the National level
• The Act lays down Institutional and
  coordination mechanisms at the National,
  State, District and Local levels and
  provides for establishment of Disaster
  Response & Mitigation Funds


      Paradigm Shift in Approach to DM

• From the earlier Reactive Approach,
  wherein the focus was primarily on response
  and relief, to a Proactive Approach of
  prevention, mitigation and preparedness.
• National Roadmap for Disaster Management
  (DM)
• Primary objective: Mainstreaming of DM into
  the Development Process.
• Create a Culture and ethos of Preparedness &
  Prevention across the country


     DISASTER MANAGEMENT
• Disaster Management means a continuous and integrated
  process of planning, organizing, coordinating and implementing
  measures which are necessary or expedient for-
• Prevention of danger or threat of any disaster;
• Mitigation or reduction of risk of any disaster or its severity or
  consequences;
• Capacity Building;
• Preparedness to deal with any disaster;
• Prompt response to any threatening disaster situation or disaster;
• Assessing the severity or magnitude of effects of any disaster;
• Evacuation, rescue and relief;
• Rehabilitation and reconstruction;




 NDMA: National Disaster Management Structure




    DISASTER MANAGEMENT
• We handle all issues relating to
   – Governance
   – Risk Management and
   – Compliance
• In a coordinated, collaborative, and Integrated
  Manner by Leveraging Technology effectively.
• Our main focus is on mainstreaming DRR into
  the Development process.

INDIAN DEFENCE ACCOUNTS SERVICE




 DEFENCE FINANCIAL MANAGEMENT,
    AUDITING AND ACCOUNTING
“ENSURING COMPLIANCE AND
PROPELLING PERFORMANCE”


                        Precap
•   Why GRC? Context
•   Defining GRC
•   What is GRC?
•   Does GRC really matter?
•   What to do about it?
•   Why mainstream GRC?
•   My Key Focus.
•   Key Issues
•   Key Challenges
•   Road Ahead




                      Why GRC?
• CONTEXT:
• Growing Regulatory Environment
• Higher Business Complexity
• Increased Focus on Accountability
• Fast Paced Global Economy
• Competitive Business Spectrum
• Emerging Threats
• Government, Public Sector Organizations and Corporates are
  the biggest entities which affect the lives of the citizens and
  the consumers.
• Transparency, Risk and Compliance are the main attributes to
  ensure Accountability and Corporate Social Responsibility.



                CEOs “cashed out” prior to
                    economic crisis




CEOs at major US financial and real estate firms converted tens of millions of dollars of overvalued
stock into cash prior to the eruption of the current financial crisis.



                         CONTEXT
• 2003: IFAC Research: 16 companies were classed as failures including Cable &
  Wireless (UK), Enron (USA), France Telecom (France), Marconi (UK), Marks
  & Spencer (UK), Nortel Networks (Canada), WorldCom (USA), Xerox (USA)
  etc.
• The most common problems:
    – Poor ethical standards at the top; Aggressive targets and earnings
      management; Misaligned incentives
    – A CEO too dominant and charismatic; Weak board of directors (too cozy
      with CEO); Weak internal controls (e.g., poor resource management)
    – A CFO too involved in aggressive merger and acquisitions (M&A)
      strategies; Poor choice of strategy and lack of clarity
    – Poor execution (especially unsuccessful mergers and acquisitions)
    – Failure to respond to change quickly enough





                     CONTEXT
• Enron. Tyco. WorldCom. Vivendi. Satyam.
• Mention any one of them and the response you get is
  rolling eyes and shaking heads. So what happened?
• Excessive risk-taking driven by overly aggressive targets and
  accompanying incentives does seem to have opened the
  door for unethical behavior, info-manipulation,
  dishonest reporting, made even worse by ineffective
  governance and control mechanisms.
• Consequent legislated corporate and management
  accountability standards shouldn’t surprise anyone.





VULNERABILITY OF CORPORATE
• Today’s business climate is complex and increasingly difficult to
  predict. Stakes are rising in a global market; Competition is fierce
  & brand loyalty is fickle.
• Across all industries, companies are grappling with high
  expectations and margin pressures.
• Businesses face unprecedented numbers of legal, regulatory, and
  business partner mandates, as well as value chain requirements
  that affect nearly every aspect of their operations.
• The question is, given today’s highly regulated environment, how
  can you control risk, manage effectively, drive performance,
  and ultimately inspire greater stakeholder confidence?




                Why GRC?
• The management of enterprise risk and
  compliance has become a critical business
  issue
• Good Governance is the most effective
  measurement criterion for current and future
  stakeholders






                   How GRC is Defined
• GRC is an integrated system of people, processes and
  technology, implemented by the board, management, the
  workforce, and the extended enterprise which provides
  assurance that the organization:
     – Understands stakeholder expectations;
     – Sets the right objectives to meet stakeholder expectations;
     – Achieves objectives while addressing risks and protecting value;
     – Operates within legal, contractual, internal, social and ethical
       boundaries; and
     – Provides relevant, reliable and timely information about the
       performance of the system to internal and external stakeholders.

•   Source: Open Compliance Ethics Group





             How GRC is Defined
• “Governance” refers to rules, systems, processes, and
  structures that ensure the corporation operates in accordance
  with its defined policies and procedures, and engages with
  legitimate stakeholders to meet their expectations.
• “Risk Management” refers to the systems and procedures in
  place to proactively evaluate risk and to minimize or mitigate
  losses.
• “Compliance” refers to the tactical approaches to following
  the rules—the systems and processes that enable stakeholders
  to evaluate the extent to which companies conform to their
  interests.
• In a networked economy, these three elements are as
  interdependent as the legs of a stool.




            How GRC is Defined
• The span of a Governance, Risk and Compliance
  process includes three elements
• Governance is the oversight role and the process by
  which companies manage and mitigate business risks
• Risk management enables an organization to evaluate
  all relevant business and regulatory risks and controls and
  monitor mitigation actions in a structured manner
• Compliance ensures that an organization has the
  processes and internal controls to meet the
  requirements imposed by governmental bodies,
  regulators, industry mandates or internal policies.



         How GRC is Defined
• GRC Discipline
• Governance manages the strategic directives a
  company wants to follow.
• Risk management assesses the areas of exposure
  and potential impacts.
• Compliance is the tactical action to mitigate
  risk




GRC Environment






GRC Process






                                What is GRC?
• Taken individually, these three terms convey a range of meaning.
• But when grouped together, they have come to indicate a recently conceived
  category of technology and consulting services collectively referred to as
  GRC.
• Much of the confusion around GRC lies in the notion of 'governance',
  which changes from one organisation to the next depending on its
  structure, culture, risk strategy and context
• GRC is not just about a streamlined, computerized index of rules.
• It is about behavior.
• A successful GRC platform is a powerful tool that enables a company to
  operate within the spirit and the letter of those rules.
• The behaviors and processes that the successfully implemented GRC
  platform catalogs and tracks become a part of the company’s culture and
  of the work ethic of its employees.
•   Source: Achieving Efficient Governance, Risk and Compliance (GRC) Through Process and Automation
    EPICORE WHITE PAPER





                      What is GRC?
• Governance, Risk, & Compliance (GRC) is more than a
  catchy acronym
• It is an approach to business. An approach that permeates
  the organization: its oversight, its processes, its culture, its
  boundaries.
• Ultimately, GRC is about the integrity of the organization:
• Does the organization make its code of ethics, policies, and
  procedures clear to its employees and business partners?
• Are the values of the organization clear and understood
  across the business and its relationships?

• Source: http://www.corp-integrity.com/what-is-grc




                               What is GRC?
• It is easier to define what GRC is NOT:
• GRC is not about silos of risk and compliance operating
  independently of each other;
• GRC is not solely about technology – though technology
  plays a critical role;
• GRC is not just a label of services that consultants provide;
• GRC is not just about financial controls;
• GRC is not another label for enterprise risk management
  (ERM), although GRC encompasses ERM; and, furthermore,
• GRC is not about a single individual owning all aspects of
  governance, risk, and compliance.
•   Source: http://www.corp-integrity.com/what-is-grc





                             What is GRC?
• SUMMARY
• Good governance can only be achieved through
  diligent risk and compliance management.
• Ignoring a federated view of GRC results in
  business processes, partners, employees, and
  systems that behave like leaves blowing in the
  wind.
•   Source: http://www.corp-integrity.com/what-is-grc





OCEG: Great view of GRC
 – what it is really all about








              Does GRC really matter?
• GRC really does matter.
• GRC emerged because traditional governance,
  risk and compliance approaches are not
  sufficient for new business realities.
• GRC is widely discussed because it is relevant in
  all industries and sectors, all over the world and
  has impacts across all functions in a modern
  enterprise.
•   Source: http://www.deloitte.com/assets/Dcom-UnitedStates/Local%20Assets/Documents/us_grc_Demystifying%20GRC_Lee%20Dittmar.pdf







              Does GRC really matter?
• Most organizations have viewed governance,
  risk and compliance as discrete activities
  separate from mainstream business processes
  and decision-making.
•   Source: http://www.deloitte.com/assets/Dcom-UnitedStates/Local%20Assets/Documents/us_grc_Demystifying%20GRC_Lee%20Dittmar.pdf








            What to do about it?
Corporations Need to Rebuild and Strengthen Stakeholder Trust








           What to do about it?
Pervasive Fragmentation Complicates the Pursuit of Stakeholder Trust








         What to do about it?

  Internal GRC Discipline Fragmentation
  Interrelationship Between Governance, Risk, and Compliance Management





             What to do about it?

   An Integrated Approach to Transparency is Essential

• Organizations must embed the appropriate
  behaviors into the organization’s culture,
  processes, and systems.
• To do so, they need a comprehensive approach to
  governance, risk management, and compliance.
• An integrated GRC strategy becomes in itself a
  differentiator.





 What to do about it?
Integration of GRC and Culture








             Why mainstream GRC?
• There is a critical need to mainstream the Governance, Risk
  management and Compliance (GRC) functionalities into
  Business Process.
• There are various possibilities to add Governance, Risk, and
  Compliance (GRC) related functionality to processes. This
  can be done by:
   – Embedding compliance into business processes, enabling
     business-owner accountability, preventing fraud, and minimizing audit time
     and related costs
   – Incorporating control activities into everyday business
     processes, so that companies avoid after-the-fact violation detection
   – Implementing a top-down, risk-based framework to identify, control,
     and test the transactions and business processes that are most likely to be
     scrutinized during an audit.






               My Key Focus
1. Why are Government and the Public Sector not
   adopting integrated GRC functionalities as a
   tool for better Governance?





Publication: The Times Of India Delhi; Date: Apr 21, 2011; Section: Times Sport;
Page: 24; Order No: 7157124_1_1; Dimension: 12.0 X 10.0 sq.cm;








                My Key Focus
1. What is the Focus of corporates on the issue of
   “CORPORATE GOVERNANCE”?
2. What are the corporates’ policies about good
   governance?
3. Governments are creatures of law and as such,
   they can do only what the law allows (the
   things that it is authorized to do), using the
   methods that are prescribed, in contrast to
   organizations in the private sector that can do
   anything not prohibited by law





                My Key Focus
• Governance is wider in scope than government. It
  includes non-governmental and informal
  organizations. It makes for crafting social
  institutions as a matter of substantive public
  concern. In the present globalization scenario, we
  are witnessing an increasing concern towards the
  issue of governance. The managerial orientation
  that is making way into the domain of public
  administration with thrust on economy, efficiency,
  and effectiveness is also emphasizing the pursuance
  of governance for development.






                My Key Focus
• Determinants of Good Governance relevant to the
  corporate sector include a Competitive environment
  injecting competition into service delivery;
• Organizational pluralism which demands
  convergence of State, Market Forces
  (represented by Corporate sector) and civil
  society organizations for governance; Probity in
  public life; Building social capacity; Performance
  partnership between government, NGOs and
  private agencies; Ethical approach to human
  concerns and E-governance.





                 My Key Focus
• GRC is about the need for “Principled
  Performance”.
• Organizations need to consider the ethical
  environment and the expectations of the
  society within which they operate. Optimizing
  profits for the shareholders at the same time as you
  are building a reputation as a ruthless operator that
  doesn’t care about the environment, your workers,
  or the community is not a recipe for long-term
  success





                 My Key Focus
•   While the reputation and respect for our country
    had been growing internationally, in early 2009 one
    word stood between our successful growth story
    and the credibility of our institutions. That word
    with which you are all too familiar is “SATYAM”.
•   The story breaking in January, 2009 created ripples
    in global economies about the quality of corporate
    governance, efficacy of regulatory bodies and
    probity in corporates.





                My Key Focus
• What this country cannot risk is the deficit of
  ‘ethics’ in its corporates.
• No business can be sustainable in the long run
  and have a consistent growth trajectory, unless it
  is based on an edifice of credibility and integrity.
• Deficit in governance is not applicable to
  government alone. It applies equally to the
  business community.





                    My Key Focus
• The post reform period has witnessed a corporate culture of
  diluting or ignoring stringent ethical standards.
• It is often considered ethical as long as a corporate
  establishment, in its business practices, remains within legal
  confines to survive in business and beat the competition.
• This is misplaced corporate governance.
• Probity in business is as important a trait in an outstanding
  CEO as it is to be articulate, positive, courageous, dynamic and
  professionally competent. You have to be a developer of
  talent and maintain cultural sensitivity. The culture to perform
  has to be deeply inculcated. Without meritocracy, you fall into
  the morass of nepotism and mediocrity.







                   My Key Focus
• I wish to propose a thought to leave behind with you.
• The East India Company, with which we are all familiar, was
  founded in the year 1600. It is often believed to be the
  forerunner of the modern multinational. Starting as a humble
  trader in Asian Spices, the company soon began to manage
  Britain’s Indian empire.
• Today, there is no sign, not even a plaque in any building or
  location in London announcing the existence of the world’s
  one-time most powerful corporation.
• What brought about the demise of this powerful company in
  an era which was otherwise promoting globalization? The
  company’s legacy provides compelling lessons on how to
  ensure accountability and probity of today’s global business.






                      My Key Focus
• The most fundamental challenge that all Institutions face is to ensure
  that employees promote the collective rather than their individual
  self-interest.
• Private trading by its managers became one of the cancers that gnawed
  at the company’s ethical fiber. Taking ‘presents’ to secure business
  became commonplace. These ‘presents’ influenced the quality and
  cost of the commodities traded. The cancer erupted into intrigue,
  corruption and speculation leading to its tragic decline and its
  non-existence today.
• History has repeated itself with Barings Bank, Bear Stearns, Lehman
  Brothers, Fannie Mae and Freddie Mac: personal greed versus
  corporate interest.
• You need to deliberate on this and ensure that such temptations do not
  befall you.







                My Key Focus
• The immediate and defining challenge for all of us
  today in our professional endeavours is that it
  would be increasingly difficult for us to claim
  innocence for ourselves in private enterprise on
  account of the profits we make, if the effect of our
  acts threatens or undermines the larger public
  interest.
• In an interconnected and globalised world, it would
  simply not work as an excuse if our conduct and
  behavior are not fully informed of the larger
  implications of our acts on all our stakeholders.





                        My Key Focus
• If the most powerful dictators of the world are unable to stem the tide of
  protest from their people, it would be naïve to assume that the so-called
  private enterprise would be able to shield itself from the consequences of its
  actions either on the strength of its bottom-line or the economic doctrine of
  free markets.
• This is what I would like to highlight as the requirement cast upon managers
  and entrepreneurs such as you in the time to come.
• So far, we have been used to the requirement of probity and
  accountability in public life.
• It is about time that the private enterprise too voluntarily
  embraces the values of probity and accountability to all their
  stakeholders.





The Danger of Invisible Corporate Power







    The Danger of Invisible Corporate Power
•   It may take several election cycles to scrub corporate influence and control
    from our political system.
•   Let's face it: Large corporations have our country, and us, in a death grip. Some of
    their bad behavior makes big headlines: the BP oil disaster, Goldman Sachs'
    financial shenanigans, Enron's book-cooking. However, equally dangerous
    corporate activity happens every day, far from public view.
•   Corporations have seeped almost invisibly into nearly every government agency and
    too many congressional offices. And they're as poisonous as carbon monoxide. In
    the last 20 years, protective legislation and regulation, carefully constructed from the
    days of President Coolidge and vastly strengthened due to the Depression, have
    seriously deteriorated.
•   There's nothing inherently evil, or even bad, about corporations. Indeed, the
    combination of capital and management under one roof is efficient and essential in a
    global, competitive world. So much of our standard of living and our worldwide
    leadership are directly traceable to our corporate and entrepreneurial culture. But even
    good things, when they get out of control, turn destructive. Cancer, after all, is just
    growth gone wild.







    The Danger of Invisible Corporate Power
•   There has always been tension between good government and free enterprise. It hurts the
    bottom line to scrub emissions from coal-burning power generators, ensure meat is sanitary, clean
    up toxic waste, and disclose the full risks of financial products. But once corporations realized
    that instead of fighting government they could actually buy it through lobbying and political
    contributions, the base of our democracy eroded. Their "invisible power" got a grip. The stealthy
    hunt for corporate profits metastasized from the marketplace and entered the halls of Congress
    and the executive branch.
•   The fight over reforming Wall Street is just the latest example. The need for regulation is hardly
    theoretical here. We're still reeling from a crisis caused by the absence of it. Congress doesn't even
    need to reinvent the wheel, a favorite task. There were laws and regulations that had worked for
    so long, such as those to keep banks and investment brokers separate; require diligent lending;
    prohibit betting against your own borrowers; require full disclosure to borrowers; and, above all,
    keep the risk with the lenders to insure they make prudent loans.
•   So why has the debate on reform dragged on for nearly a year? The public wants Wall Street
    reined in. So why would any legislator, much less an entire political party, get in the way of
    financial reform? It can't just be a coincidence that the financial sector happens to be the biggest
    contributor to 2010 congressional campaigns, with more than $129 million doled out already.
    Financial firms have also spent well over a half a billion dollars on lobbying since early 2009.





    The Danger of Invisible Corporate Power
•   To reverse this situation we must change who gets elected to Congress. And that is the
    one thing we can do, and perhaps the only thing, to neutralize corporate control of our
    government. Only real people have the vote; corporations don't.
•   To regain our democracy, we must:
•   Identify and make public those elected representatives who owe their jobs to corporate
    largesse and cast their votes accordingly.
•   Insulate the election process from corporate funding. Bills in both the Senate and
    House that would forbid campaign spending by contractors who receive more than
    $50,000 in taxpayer funds would be a good start.
•   Prohibit lawmakers and lobbyists from interacting with each other, except to exchange
    ideas on legislation, and require them to publish a record of their contacts.
•    It may take several election cycles to scrub corporate influence and control from our
    political system, but once it starts it will gain momentum. And once we've
    accomplished this feat, appropriate regulation and control will follow. The horse will
    be before the cart, and the driver will be a human person.
•   http://www.ips-dc.org/articles/the_danger_of_invisible_corporate_power





Corporate Social Irresponsibility








    Corporate Social Irresponsibility
•   BP must come clean, both literally and figuratively.
•   The 1989 Exxon Valdez oil spill gave rise to the corporate social responsibility movement. The
    BP oil disaster may mark its collapse.
•   Over the past two decades, many organizations and investors have conducted an experiment in
    corporate behavior modification. An array of well-intentioned organizations promoted the idea
    that large corporations could be made to do the right thing, by urging them to sign voluntary
    codes of conduct and adopt other seemingly enlightened policies on environmental and social
    issues.
•   At first, management met this movement with resistance, but big business soon realized the
    advantages of projecting an ethical image--so much so that corporate social responsibility (known
    widely as CSR) is now used as a selling point by many firms. Chevron's "Will You Join Us" ad
    campaign, for example, apparently tries to convey the oil giant as a key player in global efforts to
    save the Earth.
•   Businesses found that a socially responsible image could serve as a buffer against aggressive
    regulation. While CSR proponents in the nonprofit sector didn't pursue a deregulatory agenda,
    the image of virtuous companies conveyed the message that strong government intervention was
    unnecessary. CSR dovetails with the efforts of corporations and their allies to undermine formal
    oversight of business activities. This is what General Electric was up to when it ran its
    "Ecoimagination" ads while lobbying to weaken air pollution rules governing the locomotives it
    makes.




 Corporate Social Irresponsibility
• Recent events make it clear that a commitment to CSR can be too
  cosmetic. The corporation at the center of the Gulf oil disaster, BP,
  promoted itself as being socially responsible for many years. A decade
  ago it adopted a sunburst logo, acknowledged that global warming was
  a problem, and claimed to be going "beyond petroleum" by investing
  (modestly) in renewable energy sources. What did all that social
  responsibility mean if the corporation could still, as the emerging
  evidence suggests, cut corners on safety in one of its riskiest activities--
  deepwater drilling?
• BP is hardly unique in violating its self-professed "high standards."
  This year has also seen the moral implosion of Toyota, another darling
  of the CSR world. Only months after the Prius producer was chosen
  by the Ethisphere Institute as one of "the world's most ethical
  companies," it was found that Toyota had failed to notify regulators or
  the public about its defective gas pedals.







 Corporate Social Irresponsibility
• Goldman Sachs, widely despised these days for unscrupulous behavior during
  the financial meltdown, was a CSR pioneer in the investment banking world.
  In 2005 it was the first Wall Street firm to adopt a comprehensive
  environmental policy (after being pressured by grassroots organizations to do
  so), and it established a think tank on environmental markets.
• When the members of a corporate rogues' gallery all profess to be socially
  responsible, the concept becomes meaningless. The best that can be said is
  that these corporations may behave well in some respects while screwing up
  royally in others--the way that Wal-Mart is supposedly in the forefront of
  environmental reform while retaining its Neanderthal labor policies. Selective
  ethics are no more tolerable for corporations than they are for people.
• BP must come clean, both literally and figuratively. The $20 billion escrow
  fund is a good start, but the corporation must also provide a full accounting
  of what went wrong in the Gulf and what it will do to improve safety
  conditions in all its operations. You can let BP know that true corporate social
  responsibility means more than cheery logos, catchy slogans, and token
  gestures by taking action today at StopCorporateAbuse.org/HallOfShame.






                       Key Issues
• Mainstreaming GRC into the Business Process
• Road Map for Initiating a GRC Program within ERM and compliance
  strategies
• Sharing of best practices
• Unifying risk management across business units and departments
• Gaining board buy-in in a meaningful way
• Quantifying culture
• International Perspective
• Main drivers for GRC
• GRC Convergence
• Challenges for a unified GRC framework?
• Common blocks?
• Siloed risk function and impact on your GRC strategy






                      Key Issues
• Elements of a good Corporate Governance structure
• Positioning the GRC structure right in the organizational
  hierarchy
• GRC Integration with Governance: Instilling a culture of
  good corporate governance for GRC success
• Changing approaches to corporate governance
• Ethics and corporate governance
• Integrating corporate governance with CSR
• Linking good governance to your GRC strategy?
• Evaluating the return on your GRC Investment
• GRC Enabler: Information Governance





                          Key Challenges
• The cultural change is by far the biggest challenge.
• Aligning functions that are similar in process but fundamentally
  different in nature is not an easy prospect:
    – the outward-facing nature of risk management,
    – the inward-facing nature of governance, and
    – the all-encompassing nature of compliance.
• Corporate buy-in needs to be both top-down and bottom-up.
• Executives need to lead by example.
• Business units need to realise that GRC activities are a key part of
  their daily activity, not a nuisance to be set aside or hurried through.
• Adoption of a common risk understanding, language and
  methodology.
• Top management must prioritize risk and governance, and
  integrate them into the company strategy and objectives.
  When optimizing for the whole, you sometimes are not going to be as efficient in the parts.





              Key Challenges
• Breaking Corporate Inertia
• Instilling an environment where all parts of the
  organisation are risk-confident.
• Being creative about how to communicate about
  the framework is important, and the
  communication has to be continual and
  changing.
• Continue to adapt, learn and be proactive.





                  Road Ahead
• Need to adopt C3I2 Approach
  – Coordination;
  – Communication;
  – Collaboration;
  – Integration; and
  – Implementation
• Overcome DRIP Syndrome
  – Data Rich Information Poor






                              REFERENCES
•   1 "One for Three: Should governance, risk management, and compliance be tackled as
    one problem, or is this a classic case of scope creep?", CFO, Sept. 2007
•   http://www.corp-integrity.com/what-is-grc
•   Demystifying GRC by Lee Dittmar, Deloitte Consulting LLP;
     – http://www.deloitte.com/assets/Dcom-UnitedStates/Local%20Assets/Documents/us_grc_Demystifying%20GRC_Lee%20Dittmar.pdf
•   Source: Open Compliance Ethics Group
     – Pulling it all together: Integrated Solutions for Governance, Risk and Compliance;
       https://www.deloitte.com/assets/Dcom-Australia/Local%20Assets/Documents/Services/Risk%20services/Integrated%20solutions%20for%20GRC.pdf
     – http://www.myexpospace.com/OracleDemogrounds2008/PDFDOCLIB/GRC-Oraclegrcbrochure-08-11-08.pdf
•   Standards for Integrated Governance, Risk and Compliance Management, Scott L. Mitchell, CEO,
    Open Compliance & Ethics Group, smitchell@oceg.org
     – http://www.slideshare.net/Jackie72/download-4384868






              REFERENCES
• MetricStream Whitepaper: Governance, Risk and
  Compliance Framework
  http://www.metricstream.com/pdf/whitepapers/MetricStream_White_Paper_GRC.pdf
• http://www.corp-integrity.com/integrity-ethics/why-policies-matter
• http://www.ips-dc.org/articles/the_danger_of_invisible_corporate_power
• http://www.ips-dc.org/articles/corporate_social_irresponsibility

SUNIL KOHLI
Indian Defence Accounts Service
Joint Secretary And Financial Adviser
National Disaster Management Authority (NDMA),
and National Disaster Response Force(NDRF),
Government of India, Ministry of Home Affairs, India
 # A-1, Safdarjang Enclave, Opposite AIIMS Trauma Centre,
New Delhi 110 029
Tel: +91 11 26701709 Office
     +91 11 26180503 Direct
     +91 11 26701715 Fax,
     +91 11 26133298 Residence
     +91 9868151472 Mobile
E Mail: kohlisk@gmail.com
         kohlifandma@gmail.com
         skkohli@ndma.gov.in
Website: www.ndma.gov.in
FACEBOOK: http://www.facebook.com/sunilkumarkohli






                   Streamlining Compliance
  • ISSUES
  • Is Compliance a separate and important management discipline?
  • Why should compliance be any different than finance,
    audit, legal or risk management departments as a
    mainstream management function?
  • A tool to integrate compliance management reporting into a
    more efficient and effective function is needed.




Michael Rasmussen http://www.corp-integrity.com/wp-content/uploads/2010/12/StreamliningCompliance.pdf




CORPORATE CULTURE




      SURAKSHA SUCCESS SYSTEMS 2011
99




SURAKSHA SUCCESS SYSTEMS 2011

Weitere ähnliche Inhalte

Was ist angesagt?

Risk management models - Core Consulting
Risk management models - Core ConsultingRisk management models - Core Consulting
Risk management models - Core ConsultingCORE Consulting
 
Siegfried addressing current governance and risk management challenges in gov...
Siegfried addressing current governance and risk management challenges in gov...Siegfried addressing current governance and risk management challenges in gov...
Siegfried addressing current governance and risk management challenges in gov...icgfmconference
 
Its time to rethink everything a governance risk compliance primer
Its time to rethink everything a governance risk compliance primerIts time to rethink everything a governance risk compliance primer
Its time to rethink everything a governance risk compliance primerEnclaveSecurity
 
Auditing corporate governance guide
Auditing corporate governance guideAuditing corporate governance guide
Auditing corporate governance guideAstalapulosListestos
 
Leadership in a crisis responding to the coronavirus outbreak
Leadership in a crisis responding to the coronavirus outbreakLeadership in a crisis responding to the coronavirus outbreak
Leadership in a crisis responding to the coronavirus outbreakGraham Watson
 
Business continuity management system overveiw
Business continuity management system  overveiwBusiness continuity management system  overveiw
Business continuity management system overveiwNaresh Rao
 

Was ist angesagt? (8)

Risk management models - Core Consulting
Risk management models - Core ConsultingRisk management models - Core Consulting
Risk management models - Core Consulting
 
Siegfried addressing current governance and risk management challenges in gov...
Siegfried addressing current governance and risk management challenges in gov...Siegfried addressing current governance and risk management challenges in gov...
Siegfried addressing current governance and risk management challenges in gov...
 
Ebsl Technologies It Operations Internal Presentation
Ebsl Technologies It Operations Internal PresentationEbsl Technologies It Operations Internal Presentation
Ebsl Technologies It Operations Internal Presentation
 
Its time to rethink everything a governance risk compliance primer
Its time to rethink everything a governance risk compliance primerIts time to rethink everything a governance risk compliance primer
Its time to rethink everything a governance risk compliance primer
 
Auditing corporate governance guide
Auditing corporate governance guideAuditing corporate governance guide
Auditing corporate governance guide
 
Leadership in a crisis responding to the coronavirus outbreak
Leadership in a crisis responding to the coronavirus outbreakLeadership in a crisis responding to the coronavirus outbreak
Leadership in a crisis responding to the coronavirus outbreak
 
Business continuity management system overveiw
Business continuity management system  overveiwBusiness continuity management system  overveiw
Business continuity management system overveiw
 
Accountability Corbit Overview 06262007
Accountability Corbit Overview 06262007Accountability Corbit Overview 06262007
Accountability Corbit Overview 06262007
 

Ähnlich wie MAINSTREAMING GOVERNANCE, RISK MANAGEMENT AND COMPLIANCE INTO BUSINESS PROCESS

Business Continuity Management
Business Continuity ManagementBusiness Continuity Management
Business Continuity ManagementECC International
 
Risk Offering Summary
Risk Offering SummaryRisk Offering Summary
Risk Offering Summarydgeoghegan
 
GRC 101 ISACA Bengaluru on 28th Dec 2013
GRC 101 ISACA Bengaluru on 28th Dec 2013GRC 101 ISACA Bengaluru on 28th Dec 2013
GRC 101 ISACA Bengaluru on 28th Dec 2013FixNix Inc.,
 
Building Organizational Resilience Presentation - ISSA Special Interest Group...
Building Organizational Resilience Presentation - ISSA Special Interest Group...Building Organizational Resilience Presentation - ISSA Special Interest Group...
Building Organizational Resilience Presentation - ISSA Special Interest Group...Bryghtpath LLC
 
HML Risk Transformation
HML Risk TransformationHML Risk Transformation
HML Risk TransformationAndrew Smart
 
CAnderson, CPA, CITP, CGMA
CAnderson, CPA, CITP, CGMACAnderson, CPA, CITP, CGMA
CAnderson, CPA, CITP, CGMAChris Anderson
 
BPR highlevel presentation slides
BPR highlevel presentation slidesBPR highlevel presentation slides
BPR highlevel presentation slidesChidozie Ofoegbu
 
The Compliance Avalanche - why Regtech is the only workable solution
The Compliance Avalanche - why Regtech is the only workable solutionThe Compliance Avalanche - why Regtech is the only workable solution
The Compliance Avalanche - why Regtech is the only workable solutionRedland
 
Performance measurement whitepaper
Performance measurement whitepaperPerformance measurement whitepaper
Performance measurement whitepaperCAMMS
 
GRC_Strategic_Agenda__The_Value_Proposition_of_Goverance,_Risk,_and_Compliance__
GRC_Strategic_Agenda__The_Value_Proposition_of_Goverance,_Risk,_and_Compliance__GRC_Strategic_Agenda__The_Value_Proposition_of_Goverance,_Risk,_and_Compliance__
GRC_Strategic_Agenda__The_Value_Proposition_of_Goverance,_Risk,_and_Compliance__susanta subudhi
 
GRC_Strategic_Agenda__The_Value_Proposition_of_Goverance,_Risk,_and_Compliance__
GRC_Strategic_Agenda__The_Value_Proposition_of_Goverance,_Risk,_and_Compliance__GRC_Strategic_Agenda__The_Value_Proposition_of_Goverance,_Risk,_and_Compliance__
GRC_Strategic_Agenda__The_Value_Proposition_of_Goverance,_Risk,_and_Compliance__susanta subudhi
 
FX Risk Management – Best Practice Standards for Good Corporate Governance
FX Risk Management – Best Practice Standards for Good Corporate GovernanceFX Risk Management – Best Practice Standards for Good Corporate Governance
FX Risk Management – Best Practice Standards for Good Corporate GovernanceExpoco
 
Risk Offering Summary
Risk Offering SummaryRisk Offering Summary
Risk Offering Summarydgeoghegan
 

Ähnlich wie MAINSTREAMING GOVERNANCE, RISK MANAGEMENT AND COMPLIANCE INTO BUSINESS PROCESS (20)

Axis Consulting Case Studies
Axis Consulting Case StudiesAxis Consulting Case Studies
Axis Consulting Case Studies
 
Business Continuity Management
Business Continuity ManagementBusiness Continuity Management
Business Continuity Management
 
Risk management is changing_Final LR
Risk management is changing_Final LRRisk management is changing_Final LR
Risk management is changing_Final LR
 
Risk Offering Summary
Risk Offering SummaryRisk Offering Summary
Risk Offering Summary
 
GRC 101 ISACA Bengaluru on 28th Dec 2013
GRC 101 ISACA Bengaluru on 28th Dec 2013GRC 101 ISACA Bengaluru on 28th Dec 2013
GRC 101 ISACA Bengaluru on 28th Dec 2013
 
Building Organizational Resilience Presentation - ISSA Special Interest Group...
Building Organizational Resilience Presentation - ISSA Special Interest Group...Building Organizational Resilience Presentation - ISSA Special Interest Group...
Building Organizational Resilience Presentation - ISSA Special Interest Group...
 
HML Risk Transformation
HML Risk TransformationHML Risk Transformation
HML Risk Transformation
 
CAnderson, CPA, CITP, CGMA
CAnderson, CPA, CITP, CGMACAnderson, CPA, CITP, CGMA
CAnderson, CPA, CITP, CGMA
 
BPR highlevel presentation slides
BPR highlevel presentation slidesBPR highlevel presentation slides
BPR highlevel presentation slides
 
Reporting community investment and development in Sustainability Reports
Reporting community investment and development in Sustainability ReportsReporting community investment and development in Sustainability Reports
Reporting community investment and development in Sustainability Reports
 
Reporting csi in sustainability reports
Reporting csi in sustainability reportsReporting csi in sustainability reports
Reporting csi in sustainability reports
 
Strategic Planning: Eight Steps To Implementation
Strategic Planning: Eight Steps To ImplementationStrategic Planning: Eight Steps To Implementation
Strategic Planning: Eight Steps To Implementation
 
Concept of Governance - Management of Operational Risk for IT Officers/Execut...
Concept of Governance - Management of Operational Risk for IT Officers/Execut...Concept of Governance - Management of Operational Risk for IT Officers/Execut...
Concept of Governance - Management of Operational Risk for IT Officers/Execut...
 
The Compliance Avalanche - why Regtech is the only workable solution
The Compliance Avalanche - why Regtech is the only workable solutionThe Compliance Avalanche - why Regtech is the only workable solution
The Compliance Avalanche - why Regtech is the only workable solution
 
Performance measurement whitepaper
Performance measurement whitepaperPerformance measurement whitepaper
Performance measurement whitepaper
 
GRC_Strategic_Agenda__The_Value_Proposition_of_Goverance,_Risk,_and_Compliance__
GRC_Strategic_Agenda__The_Value_Proposition_of_Goverance,_Risk,_and_Compliance__GRC_Strategic_Agenda__The_Value_Proposition_of_Goverance,_Risk,_and_Compliance__
GRC_Strategic_Agenda__The_Value_Proposition_of_Goverance,_Risk,_and_Compliance__
 
GRC_Strategic_Agenda__The_Value_Proposition_of_Goverance,_Risk,_and_Compliance__
GRC_Strategic_Agenda__The_Value_Proposition_of_Goverance,_Risk,_and_Compliance__GRC_Strategic_Agenda__The_Value_Proposition_of_Goverance,_Risk,_and_Compliance__
GRC_Strategic_Agenda__The_Value_Proposition_of_Goverance,_Risk,_and_Compliance__
 
FX Risk Management – Best Practice Standards for Good Corporate Governance
FX Risk Management – Best Practice Standards for Good Corporate GovernanceFX Risk Management – Best Practice Standards for Good Corporate Governance
FX Risk Management – Best Practice Standards for Good Corporate Governance
 
Reporting on Community Relations, Investment and Development
Reporting on Community Relations, Investment and DevelopmentReporting on Community Relations, Investment and Development
Reporting on Community Relations, Investment and Development
 
Risk Offering Summary
Risk Offering SummaryRisk Offering Summary
Risk Offering Summary
 

Mehr von SUNIL KUMAR KOHLI, IDAS ndc

Management of Biological Disasters: NDMA GUIDLINES
Management of Biological Disasters: NDMA GUIDLINESManagement of Biological Disasters: NDMA GUIDLINES
Management of Biological Disasters: NDMA GUIDLINESSUNIL KUMAR KOHLI, IDAS ndc
 
“Examining the Role Supply Chain Best Practices Can Play In Disaster Management”
“Examining the Role Supply Chain Best Practices Can Play In Disaster Management”“Examining the Role Supply Chain Best Practices Can Play In Disaster Management”
“Examining the Role Supply Chain Best Practices Can Play In Disaster Management”SUNIL KUMAR KOHLI, IDAS ndc
 
“Examining The Role Supply Chain Best Practices Can Play In Disaster Manage...
“Examining The Role  Supply Chain Best Practices  Can Play In Disaster Manage...“Examining The Role  Supply Chain Best Practices  Can Play In Disaster Manage...
“Examining The Role Supply Chain Best Practices Can Play In Disaster Manage...SUNIL KUMAR KOHLI, IDAS ndc
 
Indo global education summit 2011 curtain raiser
Indo global education summit 2011 curtain raiserIndo global education summit 2011 curtain raiser
Indo global education summit 2011 curtain raiserSUNIL KUMAR KOHLI, IDAS ndc
 
Indo global education summit 2011 curtain raiser
Indo global education summit 2011 curtain raiserIndo global education summit 2011 curtain raiser
Indo global education summit 2011 curtain raiserSUNIL KUMAR KOHLI, IDAS ndc
 
Indo global education summit 2011 curtain raiser
Indo global education summit 2011 curtain raiserIndo global education summit 2011 curtain raiser
Indo global education summit 2011 curtain raiserSUNIL KUMAR KOHLI, IDAS ndc
 
"India's National Disaster Management Authority's (NDMA) initiatives on safet...
"India's National Disaster Management Authority's (NDMA) initiatives on safet..."India's National Disaster Management Authority's (NDMA) initiatives on safet...
"India's National Disaster Management Authority's (NDMA) initiatives on safet...SUNIL KUMAR KOHLI, IDAS ndc
 
Optimising performance through C3I (coordination, collaboration, communicatio...
Optimising performance through C3I (coordination, collaboration, communicatio...Optimising performance through C3I (coordination, collaboration, communicatio...
Optimising performance through C3I (coordination, collaboration, communicatio...SUNIL KUMAR KOHLI, IDAS ndc
 

Mehr von SUNIL KUMAR KOHLI, IDAS ndc (20)

Quotes on Water
Quotes on Water Quotes on Water
Quotes on Water
 
Incident Response System: NDMA GUIDLINES
Incident Response System: NDMA GUIDLINESIncident Response System: NDMA GUIDLINES
Incident Response System: NDMA GUIDLINES
 
MEDICAL PREPAREDNESS ASPECTS OF DISASTERS
MEDICAL PREPAREDNESS ASPECTS OF DISASTERSMEDICAL PREPAREDNESS ASPECTS OF DISASTERS
MEDICAL PREPAREDNESS ASPECTS OF DISASTERS
 
Management of Biological Disasters: NDMA GUIDLINES
Management of Biological Disasters: NDMA GUIDLINESManagement of Biological Disasters: NDMA GUIDLINES
Management of Biological Disasters: NDMA GUIDLINES
 
CORPORATE GOVERNANCE AND ETHICS
CORPORATE GOVERNANCE AND ETHICSCORPORATE GOVERNANCE AND ETHICS
CORPORATE GOVERNANCE AND ETHICS
 
CORPORATE GOVERNANCE AND ETHICS
CORPORATE GOVERNANCE AND ETHICSCORPORATE GOVERNANCE AND ETHICS
CORPORATE GOVERNANCE AND ETHICS
 
“Examining the Role Supply Chain Best Practices Can Play In Disaster Management”
“Examining the Role Supply Chain Best Practices Can Play In Disaster Management”“Examining the Role Supply Chain Best Practices Can Play In Disaster Management”
“Examining the Role Supply Chain Best Practices Can Play In Disaster Management”
 
“Examining The Role Supply Chain Best Practices Can Play In Disaster Manage...
“Examining The Role  Supply Chain Best Practices  Can Play In Disaster Manage...“Examining The Role  Supply Chain Best Practices  Can Play In Disaster Manage...
“Examining The Role Supply Chain Best Practices Can Play In Disaster Manage...
 
Indo global education summit 2011 curtain raiser
Indo global education summit 2011 curtain raiserIndo global education summit 2011 curtain raiser
Indo global education summit 2011 curtain raiser
 
Indo global education summit 2011 curtain raiser
Indo global education summit 2011 curtain raiserIndo global education summit 2011 curtain raiser
Indo global education summit 2011 curtain raiser
 
Indo global education summit 2011 curtain raiser
Indo global education summit 2011 curtain raiserIndo global education summit 2011 curtain raiser
Indo global education summit 2011 curtain raiser
 
"India's National Disaster Management Authority's (NDMA) initiatives on safet...
"India's National Disaster Management Authority's (NDMA) initiatives on safet..."India's National Disaster Management Authority's (NDMA) initiatives on safet...
"India's National Disaster Management Authority's (NDMA) initiatives on safet...
 
"MAINSTREAMING GRC INTO BUSINESS PROCESS"
"MAINSTREAMING GRC INTO BUSINESS PROCESS""MAINSTREAMING GRC INTO BUSINESS PROCESS"
"MAINSTREAMING GRC INTO BUSINESS PROCESS"
 
SKK FINANCIAL MANAGEMENT REFORMS IN INDIA
SKK FINANCIAL MANAGEMENT REFORMS IN INDIASKK FINANCIAL MANAGEMENT REFORMS IN INDIA
SKK FINANCIAL MANAGEMENT REFORMS IN INDIA
 
Optimising performance through C3I (coordination, collaboration, communicatio...
Optimising performance through C3I (coordination, collaboration, communicatio...Optimising performance through C3I (coordination, collaboration, communicatio...
Optimising performance through C3I (coordination, collaboration, communicatio...
 
NDMA ROAD AHEAD
NDMA ROAD AHEADNDMA ROAD AHEAD
NDMA ROAD AHEAD
 
MAKING STATE DISASTER MANAGEMENT PLANS:
MAKING STATE DISASTER MANAGEMENT PLANS:MAKING STATE DISASTER MANAGEMENT PLANS:
MAKING STATE DISASTER MANAGEMENT PLANS:
 
The ant story
The ant storyThe ant story
The ant story
 
Eskay Color Test
Eskay Color TestEskay Color Test
Eskay Color Test
 
Skk Conversion Factors Tables
Skk Conversion Factors TablesSkk Conversion Factors Tables
Skk Conversion Factors Tables
 

Kürzlich hochgeladen

Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesMysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesDipal Arora
 
7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...Paul Menig
 
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999Tina Ji
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMRavindra Nath Shukla
 
Cash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call GirlsCash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call GirlsApsara Of India
 
Understanding the Pakistan Budgeting Process: Basics and Key Insights
Understanding the Pakistan Budgeting Process: Basics and Key InsightsUnderstanding the Pakistan Budgeting Process: Basics and Key Insights
Understanding the Pakistan Budgeting Process: Basics and Key Insightsseri bangash
 
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒
VIP Call Girls In Saharaganj ( Lucknow  ) 🔝 8923113531 🔝  Cash Payment (COD) 👒VIP Call Girls In Saharaganj ( Lucknow  ) 🔝 8923113531 🔝  Cash Payment (COD) 👒
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒anilsa9823
 
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Dipal Arora
 
BEST ✨ Call Girls In Indirapuram Ghaziabad ✔️ 9871031762 ✔️ Escorts Service...
BEST ✨ Call Girls In  Indirapuram Ghaziabad  ✔️ 9871031762 ✔️ Escorts Service...BEST ✨ Call Girls In  Indirapuram Ghaziabad  ✔️ 9871031762 ✔️ Escorts Service...
BEST ✨ Call Girls In Indirapuram Ghaziabad ✔️ 9871031762 ✔️ Escorts Service...noida100girls
 
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...lizamodels9
 
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLMONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLSeo
 
M.C Lodges -- Guest House in Jhang.
M.C Lodges --  Guest House in Jhang.M.C Lodges --  Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.Aaiza Hassan
 
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...Any kyc Account
 
Monthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptxMonthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptxAndy Lambert
 
Progress Report - Oracle Database Analyst Summit
Progress  Report - Oracle Database Analyst SummitProgress  Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst SummitHolger Mueller
 
Pharma Works Profile of Karan Communications
Pharma Works Profile of Karan CommunicationsPharma Works Profile of Karan Communications
Pharma Works Profile of Karan Communicationskarancommunications
 
Event mailer assignment progress report .pdf
Event mailer assignment progress report .pdfEvent mailer assignment progress report .pdf
Event mailer assignment progress report .pdftbatkhuu1
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A  SALESMAN / WOMANA DAY IN THE LIFE OF A  SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANIlamathiKannappan
 

Kürzlich hochgeladen (20)

Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesMysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
 
7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...
 
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSM
 
Cash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call GirlsCash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call Girls
 
Understanding the Pakistan Budgeting Process: Basics and Key Insights
Understanding the Pakistan Budgeting Process: Basics and Key InsightsUnderstanding the Pakistan Budgeting Process: Basics and Key Insights
Understanding the Pakistan Budgeting Process: Basics and Key Insights
 
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒
VIP Call Girls In Saharaganj ( Lucknow  ) 🔝 8923113531 🔝  Cash Payment (COD) 👒VIP Call Girls In Saharaganj ( Lucknow  ) 🔝 8923113531 🔝  Cash Payment (COD) 👒
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒
 
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
 
MAINSTREAMING GOVERNANCE, RISK MANAGEMENT AND COMPLIANCE INTO BUSINESS PROCESS

  • 1. FELICITATIONS FROM SURAKSHA SUCCESS SYSTEMS 2011
  • 2. Welcome to SURAKSHA SUCCESS SYSTEMS 2011
  • 3. Mainstreaming GRC into the Business Process by Sunil KOHLI, IDAS ndc Indian Defence Accounts Service Joint Secretary and Financial Adviser, National Disaster Management Authority (NDMA) and National Disaster Response Force (NDRF)
  • 4. Key Focus “Organizations Reputation, Valuation and Profitability are directly linked to Good Governance, Effective and Real-time Risk Management and adhering to regulatory Compliance”
  • 5. Mainstreaming GRC into the Business Process • Mainstreaming GRC into the Business Process essentially means looking critically at each activity that is being planned, not only from the perspective of that business process activity, but also from the perspective of embedding GRC attributes into that process so that it addresses the GRC concerns.
  • 6. Business Process GRC
  • 7. MAINSTREAMING ……….. • GRC strategies and measures are most effective when integrated into the framework of overall business Process. • GRC should not be considered as an end in itself which requires incorporation into Business Process but rather as an integral component of all Business Process in the first place. • Hence, a central theme of mainstreaming is to address GRC concerns within the Business Process context and ensure that Business Process, Policies, Projects and Programmes do not unwittingly create new forms of vulnerability.
  • 8. NATIONAL DISASTER MANAGEMENT AUTHORITY (NDMA)
  • 9. NDMA: DM ACT 2005 • The Disaster Management Act, 2005 brought National Disaster Management Authority (Apex Body) at National level • The Act lays down Institutional and coordination mechanisms at the National, State, District and Local levels and provides for establishment of Disaster Response & Mitigation Funds
  • 10. Paradigm Shift in Approach to DM • From the earlier Reactive Approach wherein focus was primarily on response and relief now on to Proactive Approach of prevention, mitigation and preparedness. • National Roadmap for Disaster Management (DM) • Primary objective: Mainstreaming of DM into the Development Process. • Create a Culture and ethos of Preparedness & Prevention across the country
  • 11. DISASTER MANAGEMENT • Disaster Management means a continuous and integrated process of planning, organizing, coordinating and implementing measures which are necessary or expedient for- • Prevention of danger or threat of any disaster; • Mitigation or reduction of risk of any disaster or its severity or consequences; • Capacity Building; • Preparedness to deal with any disaster; • Prompt response to any threatening disaster situation or disaster; • Assessing the severity or magnitude of effects of any disaster; • Evacuation, rescue and relief; • Rehabilitation and reconstruction;
  • 12. NDMA National Disaster Management Structure
  • 13. DISASTER MANAGEMENT • We handle all issues relating to – Governance – Risk Management and – Compliance • In a coordinated, collaborative, and Integrated Manner by Leveraging Technology effectively. • Our main focus is on mainstreaming DRR into the Development process.
  • 14. INDIAN DEFENCE ACCOUNTS SERVICE DEFENCE FINANCIAL MANAGEMENT, AUDITING AND ACCOUNTING “ENSURING COMPLIANCE AND PROPELLING PERFORMANCE”
  • 15. Precap • Why GRC? Context • Defining GRC • What is GRC? • Does GRC really matter? • What to do about it? • Why mainstream GRC? • My Key Focus. • Key Issues • Key Challenges • Road Ahead
  • 16. Why GRC? • CONTEXT: • Growing Regulatory Environment • Higher Business Complexity • Increased Focus on Accountability • Fast Paced Global Economy • Competitive Business Spectrum • Emerging Threats • Government, Public Sector Organizations and Corporates are the biggest entities which affect the lives of the citizens and the consumers. • Transparency, Risk and Compliance are the main attributes to ensure Accountability and Corporate Social Responsibility.
  • 17. CEOs “cashed out” prior to economic crisis CEOs at major US financial and real estate firms converted tens of millions of dollars of overvalued stock into cash prior to the eruption of the current financial crisis.
  • 18. CONTEXT • 2003: IFAC Research: 16 companies were classed as failures including Cable & Wireless (UK), Enron (USA), France Telecom (France), Marconi (UK), Marks & Spencer (UK), Nortel Networks (Canada), WorldCom (USA), Xerox (USA) etc. • The most common problems: – Poor ethical standards at the top; Aggressive targets and earnings management; Misaligned incentives – A CEO too dominant and charismatic; Weak board of directors (too cozy with CEO); Weak internal controls (e.g., poor resource management) – A CFO too involved in aggressive merger and acquisitions (M&A) strategies; Poor choice of strategy and lack of clarity – Poor execution (especially unsuccessful mergers and acquisitions) – Failure to respond to change quickly enough
  • 19. CONTEXT • Enron. Tyco. WorldCom. Vivendi. Satyam. • Mention any one of them and the response you get is rolling eyes and shaking heads. So what happened? • Excessive risk-taking driven by overly aggressive targets and accompanying incentives does seem to have opened the door for unethical behavior, info-manipulation, dishonest reporting, made even worse by ineffective governance and control mechanisms. • Consequent legislated corporate and management accountability standards shouldn't surprise anyone.
  • 20. VULNERABILITY OF CORPORATE • Today's business climate is complex and increasingly difficult to predict. Stakes are rising in a global market; Competition is fierce & brand loyalty is fickle. • Across all industries, companies are grappling with high expectations and margin pressures. • Businesses face unprecedented numbers of legal, regulatory, and business partner mandates, as well as value chain requirements that affect nearly every aspect of their operations. • The question is, given today's highly regulated environment, how can you control risk, manage effectively, drive performance, and ultimately inspire greater stakeholder confidence?
  • 21. Why GRC? • The management of enterprise risk and compliance has become a critical business issue • Good Governance is the most effective measurement criteria for current and future stakeholders
  • 22. How GRC is Defined • GRC is an integrated system of people, processes and technology, implemented by the board, management, the workforce, and the extended enterprise which provides assurance that the organization: – Understands stakeholder expectations; – Sets the right objectives to meet stakeholder expectations; – Achieves objectives while addressing risks and protecting value; – Operates within legal, contractual, internal, social and ethical boundaries; and – Provides relevant, reliable and timely information about the performance of the system to internal and external stakeholders. • Source: Open Compliance Ethics Group
  • 23. How GRC is Defined • “Governance” refers to rules, systems, processes, and structures that ensure the corporation operates in accordance with its defined policies and procedures, and engages with legitimate stakeholders to meet their expectations. • “Risk Management” refers to the systems and procedures in place to proactively evaluate risk and to minimize or mitigate losses. • “Compliance” refers to the tactical approaches to following the rules—the systems and processes that enable stakeholders to evaluate the extent to which companies conform to their interests. • In a networked economy, these three elements are as interdependent as the legs of a stool.
  • 24. How GRC is Defined • The span of a Governance, Risk and Compliance process includes three elements • Governance is the oversight role and the process by which companies manage and mitigate business risks • Risk management enables an organization to evaluate all relevant business and regulatory risks and controls and monitor mitigation actions in a structured manner • Compliance ensures that an organization has the processes and internal controls to meet the requirements imposed by governmental bodies, regulators, industry mandates or internal policies.
  • 25. How GRC is Defined • GRC Discipline • Governance manages the strategic directives a company wants to follow. • Risk management assesses the areas of exposure and potential impacts. • Compliance is the tactical action to mitigate risk
  • 26. GRC Environment
  • 27. GRC Process
  • 28. What is GRC? • Taken individually, these three terms convey a range of meaning. • But when grouped together, they have come to indicate a recently conceived category of technology and consulting services collectively referred to as GRC. • Much of the confusion around GRC lies in the notion of 'governance', which changes from one organisation to the next depending on its structure, culture, risk strategy and context • GRC is not just about a streamlined, computerized index of rules. • It is about behavior. • A successful GRC platform is a powerful tool that enables a company to operate within the spirit and the letter of those rules. • The behaviors and processes that the successfully implemented GRC platform catalogs and tracks become a part of the company’s culture and of the work ethic of its employees. • Source: Achieving Efficient Governance, Risk and Compliance (GRC) Through Process and Automation EPICORE WHITE PAPER
  • 29. What is GRC? • Governance, Risk, & Compliance (GRC) is more than a catchy acronym • It is an approach to business. An approach that permeates the organization: its oversight, its processes, its culture, its boundaries. • Ultimately, GRC is about the integrity of the organization: • Does the organization make its code of ethics, policies, and procedures clear to its employees and business partners? • Are the values of the organization clear and understood across the business and its relationships? • Source: http://www.corp-integrity.com/what-is-grc
  • 30. What is GRC? • It is easier to define what GRC is NOT: • GRC is not about silos of risk and compliance operating independently of each other; • GRC is not solely about technology – though technology plays a critical role; • GRC is not just a label of services that consultants provide; • GRC is not just about financial controls; • GRC is not another label for enterprise risk management (ERM), although GRC encompasses ERM; and, furthermore, • GRC is not about a single individual owning all aspects of governance, risk, and compliance. • Source: http://www.corp-integrity.com/what-is-grc
  • 31. What is GRC? • SUMMARY • Good governance can only be achieved through diligent risk and compliance management. • Ignoring a federated view of GRC results in business processes, partners, employees, and systems that behave like leaves blowing in the wind. • Source: http://www.corp-integrity.com/what-is-grc
  • 32. OCEG: Great view of GRC – what it is really all about
  • 33. Does GRC really matter? • GRC really does matter. • GRC emerged because traditional governance, risk and compliance approaches are not sufficient for new business realities. • GRC is widely discussed because it is relevant in all industries and sectors, all over the world and has impacts across all functions in a modern enterprise. • http://www.deloitte.com/assets/Dcom-UnitedStates/Local%20Assets/Documents/us_grc_Demystifying%20GRC_Lee%20Dittmar.pdf
  • 34. Does GRC really matter? • Most organizations have viewed governance, risk and compliance as discrete activities separate from mainstream business processes and decision-making. • http://www.deloitte.com/assets/Dcom-UnitedStates/Local%20Assets/Documents/us_grc_Demystifying%20GRC_Lee%20Dittmar.pdf
  • 35. What to do about it? Corporations Need to Rebuild and Strengthen Stakeholder Trust
  • 36. What to do about it? Pervasive Fragmentation Complicates the Pursuit of Stakeholder Trust
  • 37. What to do about it? Internal GRC Discipline Fragmentation Interrelationship Between Governance, Risk, and Compliance Management
  • 38. What to do about it? An Integrated Approach to Transparency is Essential • Organizations must embed the appropriate behaviors into the organization’s culture, processes, and systems. • To do so, they need a comprehensive approach to governance, risk management, and compliance. • An integrated GRC strategy becomes in itself a differentiator.
  • 39. What to do about it? Integration of GRC and Culture
  • 40. Why mainstream GRC? • There is a critical need to mainstream the Governance, Risk management and Compliance (GRC) functionalities into Business Process. • There are various possibilities to add Governance, Risk, and Compliance (GRC) related functionality to processes. This can be done by: – Embedding compliance into business processes, enabling business-owner accountability, preventing fraud, and minimizing audit time and related costs – Incorporating control activities into everyday business processes, so that companies avoid after-the-fact violation detection – Implementing a top-down, risk-based framework to identify, control, and test the transactions and business processes that are most likely to be scrutinized during an audit.
  • 41. My Key Focus 1. Why are Government and the Public Sector not adopting integrated GRC functionalities as a tool for better Governance?
  • 42. Publication: The Times Of India Delhi; Date: Apr 21, 2011; Section: Times Sport; Page: 24; Order No: 7157124_1_1; Dimension: 12.0 X 10.0 sq.cm;
  • 43. My Key Focus 1. What is the focus of corporates on the issue of “CORPORATE GOVERNANCE”? 2. What are the corporates' policies about good governance? 3. Governments are creatures of law and, as such, they can do only what the law allows (the things that they are authorized to do), using the methods that are prescribed, in contrast to organizations in the private sector that can do anything not prohibited by law
  • 44. My Key Focus • Governance is wider in scope than government. It includes non-governmental and informal organizations. It makes for crafting social institutions as a matter of substantive public concern. In the present globalization scenario, we are witnessing an increasing concern towards the issue of governance. The managerial orientation that is making way into the domain of public administration with thrust on economy, efficiency, and effectiveness is also emphasizing the pursuance of governance for development.
  • 45. My Key Focus • Determinants of Good Governance relevant to the corporate sector include Competitive environment injecting competition into service delivery; • Organizational pluralism which demands convergence of State, Market Forces (represented by Corporate sector) and civil society organizations for governance; Probity in public life; Building social capacity; Performance partnership between government, NGOs and private agencies; Ethical approach to human concerns and E-governance.
  • 46. My Key Focus • GRC is about the need for “Principled Performance”. • Organizations need to consider the ethical environment and the expectations of the society within which they operate. Optimizing profits for the shareholders at the same time as you are building a reputation as a ruthless operator that doesn't care about the environment, your workers, or the community is not a recipe for long-term success
  • 47. My Key Focus • While the reputation and respect for our country had been growing internationally, in early 2009 one word stood between our successful growth story and the credibility of our institutions. That word with which you are all too familiar is “SATYAM”. • The story breaking in January, 2009 created ripples in global economies about the quality of corporate governance, efficacy of regulatory bodies and probity in corporates.
  • 48. My Key Focus • What this country cannot risk is the deficit of 'ethics' in its corporates. • No business can be sustainable in the long run and have a consistent growth trajectory, unless it is based on an edifice of credibility and integrity. • Deficit in governance is not applicable to government alone. It applies equally to the business community.
  • 50. My Key Focus • The post reform period has witnessed a corporate culture of diluting or ignoring stringent ethical standards. • It is often considered ethical as long as a corporate establishment, in its business practices, remains within legal confines to survive in business and beat the competition. • This is misplaced corporate governance. • Probity in business is as important a trait in an outstanding CEO as being articulate, positive, courageous, dynamic and professionally competent. You have to be a developer of talent and maintain cultural sensitivity. The culture to perform has to be deeply inculcated. Without meritocracy, you fall into the morass of nepotism and mediocrity.
  • 51. My Key Focus • I wish to propose a thought to leave behind with you. • The East India Company, with which we are all familiar, was founded in the year 1600. It is often believed to be the forerunner of the modern multinational. Starting as a humble trader in Asian Spices, the company soon began to manage Britain's Indian empire. • Today, there is no sign, not even a plaque in any building or location in London announcing the existence of the world's one-time most powerful corporation. • What brought about the demise of this powerful company in an era which was otherwise promoting globalization? The company's legacy provides compelling lessons on how to ensure accountability and probity of today's global business.
  • 52. My Key Focus • The most fundamental challenge that all Institutions face is to ensure that employees promote the collective rather than their individual self interest. • Private trading by its managers became one of the cancers that gnawed at the company's ethical fiber. Taking 'presents' to secure business became commonplace. These 'presents' influenced the quality and cost of the commodities traded. The cancer erupted into intrigue, corruption and speculation leading to its tragic decline and its non-existence today. • History has repeated itself with Barings Bank, Bear Stearns, Lehman Brothers, Fannie Mae and Freddie Mac: personal greed versus corporate interest. • You need to deliberate on this and ensure that such temptations do not befall you.
  • 53. My Key Focus • The immediate and defining challenge for all of us today in our professional endeavours is that it would be increasingly difficult for us to claim innocence for ourselves in private enterprise on account of the profits we make, if the effect of our acts threatens or undermines the larger public interest. • In an interconnected and globalised world, it would simply not work as an excuse if our conduct and behavior are not fully informed of the larger implications of our acts on all our stakeholders.
  • 54. My Key Focus • If the most powerful dictators of the world are unable to stem the tide of protest from their people, it would be naïve to assume that the so-called private enterprise would be able to shield itself from the consequences of its actions either on the strength of its bottom-line or the economic doctrine of free markets. • This is what I would like to highlight as the requirement cast upon managers and entrepreneurs such as you in the time to come. • So far, we have been used to the requirement of probity and accountability in public life. • It is about time that the private enterprise too voluntarily embraces the values of probity and accountability to all their stakeholders.
  • 55. The Danger of Invisible Corporate Power
  • 56. The Danger of Invisible Corporate Power • It may take several election cycles to scrub corporate influence and control from our political system. • Let's face it: Large corporations have our country, and us, in a death grip. Some of their bad behavior makes big headlines: the BP oil disaster, Goldman Sachs' financial shenanigans, Enron's book-cooking. However, equally dangerous corporate activity happens every day, far from public view. • Corporations have seeped almost invisibly into nearly every government agency and too many congressional offices. And they're as poisonous as carbon monoxide. In the last 20 years, protective legislation and regulation, carefully constructed from the days of President Coolidge and vastly strengthened due to the Depression, have seriously deteriorated. • There's nothing inherently evil, or even bad, about corporations. Indeed, the combination of capital and management under one roof is efficient and essential in a global, competitive world. So much of our standard of living and our worldwide leadership are directly traceable to our corporate and entrepreneurial culture. But even good things, when they get out of control, turn destructive. Cancer, after all, is just growth gone wild.
  • 57. The Danger of Invisible Corporate Power • There has always been tension between good government and free enterprise. It hurts the bottom line to scrub emissions from coal-burning power generators, ensure meat is sanitary, clean up toxic waste, and disclose the full risks of financial products. But once corporations realized that instead of fighting government they could actually buy it through lobbying and political contributions, the base of our democracy eroded. Their "invisible power" got a grip. The stealthy hunt for corporate profits metastasized from the marketplace and entered the halls of Congress and the executive branch. • The fight over reforming Wall Street is just the latest example. The need for regulation is hardly theoretical here. We're still reeling from a crisis caused by the absence of it. Congress doesn't even need to reinvent the wheel, a favorite task. There were laws and regulations that had worked for so long, such as those to keep banks and investment brokers separate; require diligent lending; prohibit betting against your own borrowers; require full disclosure to borrowers; and, above all, keep the risk with the lenders to insure they make prudent loans. • So why has the debate on reform dragged on for nearly a year? The public wants Wall Street reined in. So why would any legislator, much less an entire political party, get in the way of financial reform? It can't just be a coincidence that the financial sector happens to be the biggest contributor to 2010 congressional campaigns, with more than $129 million doled out already. Financial firms have also spent well over a half a billion dollars on lobbying since early 2009.
  • 58. The Danger of Invisible Corporate Power • To reverse this situation we must change who gets elected to Congress. And that is the one thing we can do, and perhaps the only thing, to neutralize corporate control of our government. Only real people have the vote; corporations don't. • To regain our democracy, we must: • Identify and make public those elected representatives who owe their jobs to corporate largesse and cast their votes accordingly. • Insulate the election process from corporate funding. Bills in both the Senate and House that would forbid campaign spending by contractors who receive more than $50,000 in taxpayer funds would be a good start. • Prohibit lawmakers and lobbyists from interacting with each other, except to exchange ideas on legislation, and require them to publish a record of their contacts. • It may take several election cycles to scrub corporate influence and control from our political system, but once it starts it will gain momentum. And once we've accomplished this feat, appropriate regulation and control will follow. The horse will be before the cart, and the driver will be a human person. • http://www.ips-dc.org/articles/the_danger_of_invisible_corporate_power
  • 59. Corporate Social Irresponsibility
  • 60. Corporate Social Irresponsibility • BP must come clean, both literally and figuratively. • The 1989 Exxon Valdez oil spill gave rise to the corporate social responsibility movement. The BP oil disaster may mark its collapse. • Over the past two decades, many organizations and investors have conducted an experiment in corporate behavior modification. An array of well-intentioned organizations promoted the idea that large corporations could be made to do the right thing, by urging them to sign voluntary codes of conduct and adopt other seemingly enlightened policies on environmental and social issues. • At first, management met this movement with resistance, but big business soon realized the advantages of projecting an ethical image--so much so that corporate social responsibility (known widely as CSR) is now used as a selling point by many firms. Chevron's "Will You Join Us" ad campaign, for example, apparently tries to convey the oil giant as a key player in global efforts to save the Earth. • Businesses found that a socially responsible image could serve as a buffer against aggressive regulation. While CSR proponents in the nonprofit sector didn't pursue a deregulatory agenda, the image of virtuous companies conveyed the message that strong government intervention was unnecessary. CSR dovetails with the efforts of corporations and their allies to undermine formal oversight of business activities. This is what General Electric was up to when it ran its "Ecoimagination" ads while lobbying to weaken air pollution rules governing the locomotives it makes.
  • 61. Corporate Social Irresponsibility • Recent events make it clear that a commitment to CSR can be too cosmetic. The corporation at the center of the Gulf oil disaster, BP, promoted itself as being socially responsible for many years. A decade ago it adopted a sunburst logo, acknowledged that global warming was a problem, and claimed to be going "beyond petroleum" by investing (modestly) in renewable energy sources. What did all that social responsibility mean if the corporation could still, as the emerging evidence suggests, cut corners on safety in one of its riskiest activities--deepwater drilling? • BP is hardly unique in violating its self-professed "high standards." This year has also seen the moral implosion of Toyota, another darling of the CSR world. Only months after the Prius producer was chosen by the Ethisphere Institute as one of "the world's most ethical companies," it was found that Toyota had failed to notify regulators or the public about its defective gas pedals.
  • 62. Corporate Social Irresponsibility • Goldman Sachs, widely despised these days for unscrupulous behavior during the financial meltdown, was a CSR pioneer in the investment banking world. In 2005 it was the first Wall Street firm to adopt a comprehensive environmental policy (after being pressured by grassroots organizations to do so), and it established a think tank on environmental markets. • When the members of a corporate rogues' gallery all profess to be socially responsible, the concept becomes meaningless. The best that can be said is that these corporations may behave well in some respects while screwing up royally in others--the way that Wal-Mart is supposedly in the forefront of environmental reform while retaining its Neanderthal labor policies. Selective ethics are no more tolerable for corporations than they are for people. • BP must come clean, both literally and figuratively. The $20 billion escrow fund is a good start, but the corporation must also provide a full accounting of what went wrong in the Gulf and what it will do to improve safety conditions in all its operations. You can let BP know that true corporate social responsibility means more than cheery logos, catchy slogans, and token gestures by taking action today at StopCorporateAbuse.org/HallOfShame.
  • 63. Key Issues • Mainstreaming GRC into the Business Process • Road Map for Initiating GRC Program in an ERM and compliance strategies • Sharing of best practices • Unifying risk management across business units and departments • Gaining board buy-in in a meaningful way • Quantifying culture • International Perspective • Main drivers for GRC • GRC Convergence • Challenges for a unified GRC framework? • Common blocks? • Siloed risk function and impact on your GRC strategy
  • 64. Key Issues • Elements of a good Corporate Governance structure • Positioning the GRC structure right in the organizational hierarchy • GRC Integration with Governance: Instilling a culture of good corporate governance for GRC success • Changing approaches to corporate governance • Ethics and corporate governance • Integrating corporate governance with CSR • Linking good governance to your GRC strategy? • Evaluating the return on your GRC Investment • GRC Enabler: Information Governance
  • 65. Key Challenges • The cultural change is by far the biggest challenge. • Aligning functions that have similarity in process but a fundamental difference – the outward-facing nature of risk management, – the inward-facing nature of governance and the – all-encompassing nature of compliance – is not an easy prospect. • Corporate buy-in needs to be both top-down and bottom-up. • Executives need to lead by example. • Business units need to realise that GRC activities are a key part of their daily activity, not a nuisance to be set aside or hurried through. • Adoption of a common risk understanding, language and methodology. • Top management must prioritize risk and governance, and integrate it into the company strategy and objectives. When optimizing for the whole, you sometimes are not going to be as efficient in the parts.
  • 66. 91 Key Challenges • Breaking Corporate Inertia • Instilling an environment where all parts of the organisation are risk-confident. • Being creative about how to communicate about the framework is important, and the communication has to be continual and changing. • Continue to adapt, learn and be proactive.
  • 67. 92 Road Ahead • Need to adopt C3I2 Approach – Coordination; – Communication; – Collaboration; – Integration; and – Implementation • Overcome DRIP Syndrome – Data Rich Information Poor
  • 68. 93 REFERENCES • 1 "One for Three: Should governance, risk management, and compliance be tackled as one problem, or is this a classic case of scope creep?", CFO, Sept, 2007 • http://www.corp-integrity.com/what-is-grc • Demystifying GRC by Lee Dittmar, Deloitte Consulting LLP; – http://www.deloitte.com/assets/Dcom-UnitedStates/Local%20Assets/Documents/us_grc_Demystifying%20GRC_Lee%20Dittmar.pdf • Source: Open Compliance Ethics Group – Pulling it all together: Integrated Solutions for Governance, Risk and Compliance; https://www.deloitte.com/assets/Dcom-Australia/Local%20Assets/Documents/Services/Risk%20services/Integrated%20solutions%20for%20GRC.pdf – http://www.myexpospace.com/OracleDemogrounds2008/PDFDOCLIB/GRC-Oraclegrcbrochure-08-11-08.pdf • Standards for Integrated Governance, Risk and Compliance Management, Scott L. Mitchell, CEO, Open Compliance & Ethics Group, smitchell@oceg.org – http://www.slideshare.net/Jackie72/download-4384868
  • 69. 94 REFERENCES • MetricStream Whitepaper, Governance, Risk and Compliance Framework, http://www.metricstream.com/pdf/whitepapers/MetricStream_White_Paper_GRC.pdf • http://www.corp-integrity.com/integrity-ethics/why-policies-matter • http://www.ips-dc.org/articles/the_danger_of_invisible_corporate_power • http://www.ips-dc.org/articles/corporate_social_irresponsibility
  • 70. 95 REFERENCES • http://www.myexpospace.com/OracleDemogrounds2008/PDFDOCLIB/GRC-Oraclegrcbrochure-08-11-08.pdf
  • 71. 96 SUNIL KOHLI, Indian Defence Accounts Service, Joint Secretary and Financial Adviser, National Disaster Management Authority (NDMA) and National Disaster Response Force (NDRF), Government of India, Ministry of Home Affairs, India. # A-1, Safdarjang Enclave, Opposite AIIMS Trauma Centre, New Delhi 110 029. Tel: +91 11 26701709 Office, +91 11 26180503 Direct, +91 11 26701715 Fax, +91 11 26133298 Residence, +91 9868151472 Mobile. E Mail: kohlisk@gmail.com, kohlifandma@gmail.com, skkohli@ndma.gov.in. Website: www.ndma.gov.in. FACEBOOK: http://www.facebook.com/sunilkumarkohli
  • 72. 97 Streamlining Compliance • ISSUES • Is Compliance a separate and important management discipline? • Why should compliance be any different than finance, audit, legal or risk management departments as a mainstream management function? • A tool to integrate compliance management reporting into a more efficient and effective function is needed. Michael Rasmussen, http://www.corp-integrity.com/wp-content/uploads/2010/12/StreamliningCompliance.pdf
  • 73. 98 CORPORATE CULTURE