The Governance dimension of Enterprise Risk Management
Do you have an approach or methodology for restoring your global corporate reputation if an offence is committed internally? It seems that most GRC offenses intentionally violate established regulations and legal statutes, or just common-sense definitions of what is acceptable, appropriate and ethical. These should be back on the drawing board.
The following example (from the financial crisis) can be used by all business institutions, by asking similar questions to address the breakdown in risk governance.
- Should banks push in-house products to investor clients against superior third-party products to earn kickbacks from product vendors?
- Is it ethical to sell securities to institutional clients that you know will collapse in value, and then use your proprietary trading platform to speculate against them?
- Can you invade segregated client accounts and borrow the money for your own operations?
- Is it permissible to redefine a bank's central exposure hedging platform as a profit center and circumvent established risk controls to generate additional earnings?
Addressing the governance structure of risk management could significantly reduce, if not eliminate, the many GRC missteps that force the oversight authorities to be extremely proactive. In the years leading up to the financial crisis, many firms muddled through their risk management processes in an unstructured manner without ensuring the right expertise. Regulators, stakeholders and investors were unaware that companies, at the same time, were finding ways to circumvent or even marginalize their risk management organizations.
After the crisis it has come to light that similar breakdowns in risk management can occur at apparently some of the most risk-aware organizations. This revelation has alerted the regulators, who raise red flags even when they encounter a minor GRC infringement.
During 2012, U.S. banks paid $10.7 billion in fines for various misdeeds. However, no banks or individuals were served with any indictments for criminal activities. Many believed the big bank influences on government regulators and Congress were still strong and that the "Too Big to Jail" code remained in effect.
The growing complexity of production workloads and IT platforms, coupled with performance data growth, continued focus on and IT has its hands full.
Improving data backups, business continuity and data retention programs, and regulatory compliance are among the top 10 IT initiatives for 2013. This is driven by an increasing number of new regulations and by existing regulations updated with stricter compliance requirements.
Serious thought and planning must go into finding dependable ways to improve the protection and preservation of regulated, quality, and structured data, to make it uncomplicated to be compliant and to make prudent decisions based on relevant data.
- What to look for in regulatory compliance, including operational readiness
- How to develop and execute a sound regulatory compliance strategy
Critical technology considerations to access and restore confidence in GRC processes are now high on the corporate agenda.