{"id":11058,"date":"2016-06-08T11:37:52","date_gmt":"2016-06-08T09:37:52","guid":{"rendered":"http:\/\/vhtbe04p\/?p=11058&#038;lang=it"},"modified":"2018-12-07T22:39:07","modified_gmt":"2018-12-07T21:39:07","slug":"is-grc-just-another-acronym-or-a-real-opportunity","status":"publish","type":"post","link":"https:\/\/www.be-tse.it\/it\/is-grc-just-another-acronym-or-a-real-opportunity\/","title":{"rendered":"Is GRC  Just Another Acronym Or A Real Opportunity?"},"content":{"rendered":"<p class=\"p1\" style=\"text-align: justify;\"><span class=\"s1\">We all know that, in response to the recent financial crisis, regulators across the globe are focusing on a more robust supervision of all players in the financial services industry. A key effect of this trend is not only the launch of an increasing number of regulatory initiatives but also the fact that the Compliance function will become increasingly important in the near future. <\/span><\/p>\n<p class=\"p1\" style=\"text-align: justify;\"><span class=\"s1\">In February 2011, one of our major clients launched a project aimed at reinforcing, mapping and harmonising the so-called \u201csecond level controls\u201d throughout the Group, on the key regulatory areas that fall under the Compliance function remit; as a result of this initiative, our client\u2019s Global Compliance Framework went into effect in June 2011. In addition, in May 2012, their IT Department launched a project aimed at providing the whole Group with a new platform to be able to manage all three levels of controls (from Internal Controls to Internal Audit through Compliance) on a single system. 
This platform is based on a market standard solution widely used in the Governance Risk and Compliance space.<\/span><\/p>\n<p class=\"p1\" style=\"text-align: justify;\"><span class=\"s1\">The Open Compliance and Ethics Group (OCEG) defines GRC as a \u201csystem of people, processes and technology that enable an organization to\u201d:<\/span><\/p>\n<ul style=\"text-align: justify;\">\n<li class=\"p1\"><span class=\"s1\"><span class=\"s1\">understand and prioritize stakeholder expectations;<\/span><\/span><\/li>\n<\/ul>\n<ul style=\"text-align: justify;\">\n<li class=\"p1\"><span class=\"s1\"><span class=\"s1\">set business objectives that are congruent with values and risks;<\/span><\/span><\/li>\n<\/ul>\n<ul style=\"text-align: justify;\">\n<li class=\"p1\"><span class=\"s1\"><span class=\"s1\">achieve objectives while optimizing risk profiles and protecting value;<\/span><\/span><\/li>\n<\/ul>\n<ul style=\"text-align: justify;\">\n<li class=\"p1\"><span class=\"s1\"><span class=\"s1\">operate within legal, contractual, internal, social and ethical boundaries;<\/span><\/span><\/li>\n<\/ul>\n<ul style=\"text-align: justify;\">\n<li class=\"p1\"><span class=\"s1\"><span class=\"s1\">provide relevant, reliable and timely information to appropriate stakeholders;<\/span><\/span><\/li>\n<\/ul>\n<ul style=\"text-align: justify;\">\n<li class=\"p1\"><span class=\"s1\">enable the measurement of the performance and effectiveness of the system.<\/span><\/li>\n<\/ul>\n<p class=\"p1\" style=\"text-align: justify;\"><span class=\"s1\">The basic building blocks of a GRC application include:<\/span><\/p>\n<ul style=\"text-align: justify;\">\n<li class=\"p1\"><span class=\"s1\"><span class=\"s1\">integrated dashboards and dimensional reporting;<\/span><\/span><\/li>\n<\/ul>\n<ul style=\"text-align: justify;\">\n<li class=\"p1\"><span class=\"s1\"><span class=\"s1\">enterprise-class workflow;<\/span><\/span><\/li>\n<\/ul>\n<ul style=\"text-align: justify;\">\n<li 
class=\"p1\"><span class=\"s1\"><span class=\"s1\">document management;<\/span><\/span><\/li>\n<\/ul>\n<ul style=\"text-align: justify;\">\n<li class=\"p1\"><span class=\"s1\"><span class=\"s1\">security and access control;<\/span><\/span><\/li>\n<\/ul>\n<ul style=\"text-align: justify;\">\n<li class=\"p1\"><span class=\"s1\"><span class=\"s1\">import\/export capabilities;<\/span><\/span><\/li>\n<\/ul>\n<ul style=\"text-align: justify;\">\n<li class=\"p1\"><span class=\"s1\"><span class=\"s1\">loss event database;<\/span><\/span><\/li>\n<\/ul>\n<ul style=\"text-align: justify;\">\n<li class=\"p1\"><span class=\"s1\"><span class=\"s1\">key metrics (KPIs, KRIs, KCIs);<\/span><\/span><\/li>\n<\/ul>\n<ul style=\"text-align: justify;\">\n<li class=\"p1\"><span class=\"s1\"><span class=\"s1\">issue remediation;<\/span><\/span><\/li>\n<\/ul>\n<ul style=\"text-align: justify;\">\n<li class=\"p1\"><span class=\"s1\">audit trail.<\/span><\/li>\n<\/ul>\n<p class=\"p1\" style=\"text-align: justify;\"><strong><span class=\"s1\">Return on Investment<\/span><\/strong><\/p>\n<p class=\"p1\" style=\"text-align: justify;\"><span class=\"s1\">Although it is difficult to quantify the value added of a \u201cglobal initiative\u201d, fines and censure can highlight the potential cost of non-compliance. In any case, some metrics have been developed to help calculate the potential value (see picture).<\/span><\/p>\n<p class=\"p1\" style=\"text-align: justify;\"><strong><span class=\"s1\">Interaction with the \u201cbaseline\u201d<\/span><\/strong><\/p>\n<p class=\"p1\" style=\"text-align: justify;\"><span class=\"s1\">Regulatory risk assessment should be undertaken by each business line but responsibility ultimately lies with Compliance, which must perform the appropriate level of oversight and challenge. Under this framework, the business line would be able to apply its knowledge to assess the regulatory risks to which it is exposed. 
Compliance would then oversee this process in order to challenge the business on the identi\ufb01ed risks.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>We all know that, in response to the recent financial crisis, regulators across the globe are focusing on a more robust supervision of all players in the financial services industry. A key effect of this trend is not only the launch of an increasing number of regulatory initiatives but also the fact that the Compliance [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":453,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[54,60],"tags":[],"class_list":["post-11058","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-approfondimenti","category-rischio-e-conformita"],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.be-tse.it\/it\/wp-json\/wp\/v2\/posts\/11058","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.be-tse.it\/it\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.be-tse.it\/it\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.be-tse.it\/it\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.be-tse.it\/it\/wp-json\/wp\/v2\/comments?post=11058"}],"version-history":[{"count":1,"href":"https:\/\/www.be-tse.it\/it\/wp-json\/wp\/v2\/posts\/11058\/revisions"}],"predecessor-version":[{"id":11059,"href":"https:\/\/www.be-tse.it\/it\/wp-json\/wp\/v2\/posts\/11058\/revisions\/11059"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.be-tse.it\/it\/wp-json\/wp\/v2\/media\/453"}],"wp:attachment":[{"href":"https:\/\/www.be-tse.it\/it\/wp-json\/wp\/v2\/media?parent=11058"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.be-tse.it\/it\/wp-json\/wp\/v2\/categories?post=11058"},{"taxonomy":"post_tag","em
beddable":true,"href":"https:\/\/www.be-tse.it\/it\/wp-json\/wp\/v2\/tags?post=11058"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}