In short, the intent is to desegregate disparate GRC structures in order to
reduce system complexity and ensure the company is maximizing its return
on investment (ROI) for its GRC efforts.
Coming to Grips with Governance ...............................................................
It’s easy to view GRC as something of a burden because, on its surface, it
appears to come with costs and seems to be placing constraints on the core
functions of the company. This is especially true of the governance part of it
because this is where you actually have to go and talk to people and change
what they are doing, and as we all know, change is hard.
However, if you look past the surface, you will find that GRC is only a con-
straint to those activities and potential actions that could cause the company
harm. And governance is the mechanism by which a company frees itself of
risk and takes on its regulatory responsibilities — in other words, does its
chores — in the best way possible.
So it is even easier to accept what may at first glance seem to be a contrarian
point of view, which is that an integrated and holistic governing framework —
and GRC system in general — can liberate corporate resources by automat-
ing its risk and compliance management and placing related functions within
a highly efficient and cost effective system. And on top of that, governance
initiatives can play a significant role in helping a company find and create
opportunities to enhance core functions.
Far from being a burden, governance can be, and often is, an agent for change
and for systematically helping an organization achieve its goals.
Chapter 3: Governance: GRC in Action 85
