Perhaps, though, the best way to test for the effectiveness of the company’s
governance efforts is if every employee at any level of the organization knows
what the company expects of them, they know what the policies are, they
know where to find them, and have been trained on those relative to their
function. (Sounds like the perfect employee, doesn’t it?)Hurdles to Instituting and Maintaining a Good Framework .....................
With any project that is worth doing, there are going to be a number of chal-
lenges and hurdles to overcome at implementation and throughout the life of
the initiative. Establishing and maintaining a good governance framework is
no different because there are a number of ways for a company to go astray.
In the next few sections, we give a few examples of issues to be considered.78 Part I: Governance, Risk, and Compliance Demystified
The Open Compliance and Ethics Group
For those seeking a good resource to help them
get started on the journey toward GRC or for
those seeking to better hone their efforts, the
Open Compliance and Ethics Group (OCEG) pro-
vides quite a bit of information at its Web site
http://www.oceg.org. The OCEG is a nonprofit organi-
zation dedicated to helping companies align
their GRC efforts in order to drive business per-
formance and promote integrity.To this end, the online magazine Compliance
Weekpublished a series of articles by Scott L.
Mitchell, chairman and CEO of the OCEG. These
articles are intended to help companies put the
goals of GRC into practice. (The series can be
found online at http://www.complianceweek.
com/index.cfm?fuseaction=Page.
viewPage&pageId=345.) Throughout the
11 part series, a number of best practices are
highlighted that relate directly to the gover-
nance function of GRC (many of these overlap
with the information provided above).
Here is a summary of a few of Mitchell’s points:Corporate culture is a safety net for the
company facilitating information sharingTalented individuals should drive the gover-
nance initiative and should occupy decision
making roles
The governing framework ensures that
objectives (strategic, operational, financial,
and compliance) can be achieved; prob-
lems being detected in a timely manner;
when detected the response is timely and
effective; and the framework complies with
internal and external regulationsInformation should be able to easily reach
relevant external stakeholders
Technology should be used appropriatelyProcess and nomenclature should be ubiq-
uitous among the company’s units and
reflect industry norms
Valid tests and metrics should be in place to
validate the framework is functioning as
intended and detect issues