Governance, risk and compliance (GRC):Indian companies

January 30, 2009

Now the time has came when India’s listed companies start seeing importance of Governance, risk and compliance (GRC) management systems after what happened to Satyam.

Almost 90 per cent of India’s listed firms do not have a single system that rolls up the entire enterprise. They have multiple systems. If you don’t have one platform that can pull out the relevant data, the risk is much higher, MetricStream’s head of Asia Pacific Shankar Bhaskaran says.

Source: Deccan Chronicle


The Top 10 Enterprise Risk-Management Myths

July 30, 2008

To address Sarbanes-Oxley compliance, many companies put in place technology platforms that now support a variety of risk and compliance initiatives. Sarbanes-Oxley solutions were generally purchased with the tacit approval of IT, but few IT organizations standardized on a strategy for managing risk and compliance data.

A lot of companies have moved to augment enterprise risk management platforms with dedicated governance, risk and compliance (GRC) solutions. That trend isn’t going to disappear anytime soon, but some companies will likely come away disappointed with the results. It’s fair to say that automation can seem like anything but in a lot of cases. Newsfactor.com offers a list of 10 ERM-GRC myths.

Few companies can grow without taking risks. But poor risk management leads to surprises in business operations that can impact shareholder confidence, regulatory oversight and the bottom line. An unprecedented wave of regulatory oversight in recent years has convinced many organizations how inadequate their enterprise risk management (ERM) policies and procedures really are.

  1. Myth Number 10: IT Risk Management = Information Security
  2. Myth Number 9: CIOs Embraced Enterprise GRC
  3. Myth Number 8: A Rigid, Standardized Approach Is Best
  4. Myth Number 7: You Can Manage Risk Only from the Center
  5. Myth Number 6: You Can Manage Risk and Compliance with Spreadsheets
  6. Myth Number 5: Traditional Audit Planning Is Good Enough
  7. Myth Number 4: Enterprise Risk Management Is Dead!
  8. Myth Number 3: It Just Takes Common Sense
  9. Myth Number 2: TJX — It Can’t Happen Here
  10. The Number One Myth about ERM: You Can’t Plan for the Unknown