The Copenhagen Compliance® principles
and Practices on Governance, Risk Management, Compliance and IT security
(GRC) focus on providing competitive advantages and business benefits
to Corporations, business and organizations a methodology for proactive
GRC convergence to the principles.
We believe that corporations, business and organizations should work
towards implementing and integrating structured compliance in all
its forms. The integration includes components of governance, risk
management and IT security to create business value thru practical
solutions and tools to prevent the adversities of non-compliance.
Copenhagen Compliance® has customized IT solutions, templates, document
etc, to provide solutions for sustainable GRC awareness. We help organizations
and companies to develop, operate and explore the GRC issues to fight
non compliance of GRC issues that are based on the 12 principles.
The objective of the Copenhagen Compliance GRC principles is to ensure
that the client's GRC activities, financial support and staff behavior
is not influenced by temptations or sleaze. We encourage you to see
the merits of soft GRC components like culture, innovation, integrity
and independence in your processes.
The Copenhagen Compliance® principles on Governance, Risk Management,
Compliance and IT security (GRC) produces a number of relevant reports,
whitepapers and monthly newsletters that are practical, straightforward
and user friendly in terms of implementation of the recommendations.
These recommendations should establish a position or platform for
a dialog on key GRC issues with stakeholders.
By following the Copenhagen Compliance® principles on GRC, a clear
signal is sent to ALL stakeholders of commitment to comply. By implementing
the GRC recommendations on the principles and practices, organisations
and will keep the house in order and achieve maximum beneficial use
of available resources by adhering to the following;
- Zero tolerance policy towards non-compliance extends to GRC
activities in all countries.
- Ensure that adequate resources, including staff training, are
available to develop, implement and maintain GRC policies and
The 10 Copenhagen Compliance Principles on Governance, Risk Management,
Compliance and IT-Security (GRC) Issues are about developing best
practices and best-fit solutions that do not depend on a one-size-fits-all
approach and talks into consideration that Innovation does not come
in a box.
- Transparency. Develop a single set of global GRC standards
that focus on transparent, impartial, comparable, unhindered,
clear and openness in transactions and processes. All key risks
are transparent and accurately determine the measures provided
by an independent assessment. GRC processes must be exploratory,
unifying, transparent and integrative as a decision support.
- Accountability. Play an active role in evaluating the
efficiency and effectiveness of financial and internal control
systems. The components of accountability provide increased awareness
and efficiency by using a uniform approach to GRC structures and
process. Data trails and IT access is for authorized personnel
and any changes are tracked and detected. Information is available
when users need it. Controls are based on prevention rather than
- Commitment. Be uncompromising in execution and exceed
in GRC expectations by taking advantage of change rather than
reacting to it. Focus on change issues brought by disruptive forces
and transform these disruptive forces into sustainable advantage.
Establish customized policies and procedures that function as
guiding principles to ensure alignment with strategic objectives,
cross-company buy-in, and regular progress. Be aggressive, but
prudent in achieving targets and goals that are most meaningful
to all stakeholders.
- Monitor the Risk Management processes with well-defined
enterprise risk procedures based on governance, compliance and
IT security assessments. Focus on an integrated internal control
and audit strategy more on areas and operations that are prone
to risks by monitoring effective (key) high risk indicators for
downstream implications of customers, suppliers, finance, operations,
people, technology, risk, legal, and tax. Prepare not only for
the known unknowns, but also for what happens when the (un)known
- IT-Security must be an integral to effective GRC assessments.
Combat security issues like data/identity theft, hacking, malware
thru basic IT principles and best practices to keep the systems
safe. Establish complete security guidelines that help to respond
to organizations' evolving business needs. Technology certainly
is a key enabler. We believe true innovation requires bridging
strategy with security. Execution helps make structural changes
across people, processes, functions, organizational layers and
to the business model.
- Disclosure. Establish an effective means for the public
dissemination of audits, reports and relevant information including
establishing a trustworthy relationship with stakeholders and
media. Consider all significant internal stakeholders and regulatory
regimes in the convergence effort and identify all requirements
to be accommodated at the outset. Have confidence in GRC processes
to create sustainable disclosures that add value, provide insights
and execute assurance on data.
- GRC Leadership and Authority. Ensure that the tone-at-the-top
provides operational support and endorsement on all GRC issues
throughout the organisation. Encourage the establishment of personnel
management procedures that promote diversity and maintain, and
stimulate honest and qualified employees. GRC components can exercise
a part of decision making process on cost rationalization and
optimization of the company's risk and compliance programs.
- Good Governance. Enforce the right GRC codex (e.g. customized
Copenhagen Compliance®) and build a governing framework around
it. Create multidisciplinary and cross-functional GRC teams (capabilities
include: transactions, finance, and restructuring) with the breadth
and depth (specialized skills include organizational design, performance
management, technology, risk management, sourcing and shared services,
tax, analytics, people and change management) Realize convergence
in growth strategies to improve the value of your business.
- Validation of GRC Processes. Streamline assessment and
oversight processes that influence an extended GRC view across
the organization and identify opportunities that go beyond control
and compliance to cultural, organizational and process changes
that benefit the organization thru people, process, and data.
An IT tool or technology alone should not drive the convergence
process on perceived GRC irregularities. Establish a clear change
management plan and apply it throughout the program.
- Audit. Take steps to ensure that both internal and external
auditors provide data on greater effectiveness, productivity and
leverage among risk management and compliance functions. The establishment
of instruction for all financial disclosure and monitor compliance
as part of the ongoing audit process. Adequate level of financial
and operative independence and breadth of internal and external
- Ethics, integrity and independence. Gather industry experience
and extensive business knowledge by using an accepted or Copenhagen
Compliance® Code of Ethics and Integrity to promote codes and
standards to be ahead-of-the-curve on regulation, technology,
and global markets by using the ethical and integrity components
and processes incorporated in the risk and compliance programs.
- Compliance continue work regarding fraud and corruption
through international existing committees and working groups;
for example, the Auditing Standards Committee will consider these
issues as part of developing implementation guidance as part of
a broader standard framework. Increased ability to comply with
new laws and regulations.