which can drive up auditing and personnel costs (and the cost of doing busi-
ness). Replacing manual controls with automated controls is one way to allow
controls to be run more frequently — in some cases, continuously — without
large additional costs. That way, if 1 in 100 transactions violates a control, an
automated control will catch it every time without incurring the cost of
checking the 99 transactions that did not violate the control. A manual con-
trol that tests every transaction would find such a problem, but the more
common approach — sampling transactions — is unlikely to find needles in
haystacks. Automated controls save money, run 100 percent of the time, and
allow you to practice exception management.
In the process of designing, applying, and analyzing controls in a business, you
develop a deeper understanding of the processes of your business. Problems
discovered by controls can lead to the redesign of processes to better meet
both business and compliance goals. To get the most out of GRC, the insights
gathered in compliance activities must be shared with managers in each
department so that compliance can become part of the process of continuous
improvement.
Domains of compliance .......................................................................
The sorts of controls just described are used in numerous domains of compli-
ance: financial management, global trade, and environmental, health, and
safety. In each of these areas, different external regulators have set forth
increasingly complex rules and regulations. Proof of compliance with these
regulations may be required in the forms of controls, reports, and certifica-
tions to the veracity of reported information. The section below summarizes
the sorts of compliance that are required in each area. For much more infor-
mation, see the following parts of this book:
Financial compliance is covered in Part II.Trade management is also covered in Part II.
Environmental and safety concerns are covered in Part III.In addition to these traditional domains of compliance, some newer compli-
ance domains also fall under the GRC umbrella:
Privacy regulationsRisk management regulations
SustainabilityInternal policiesIn the following sections, we discuss each of these domains in detail.