Helping clients meet their business challenges begins with an in-depth understanding of the industries in which they work. That’s why KPMG LLP established its industry-driven structure. In fact, KPMG LLP was the first of the Big Four firms to organize itself along the same industry lines as clients.

How We Work

We bring together passionate problem-solvers, innovative technologies, and full-service capabilities to create opportunity with every insight.

Learn more

Careers & Culture

What is culture? Culture is how we do things around here. It is the combination of a predominant mindset, actions (both big and small) that we all commit to every day, and the underlying processes, programs and systems supporting how work gets done.

Learn more

A fresh look at your GRC Program

Eight actions to help re-think your approach

Cyber Security Services

Leaders of governance, risk and compliance management (GRC) programs are facing a complex set of challenges. On the one hand, the investments in these programs are under scrutiny for the value they deliver. At the same time, there are systemic shifts in geopolitics, climate, economy, human capital, technology, and healthcare that develop into unprecedented risks. Through all these, the GRC leaders such as yourself must consider that their programs enable their organizations to provide trust and assurance to the stakeholders involved. These challenges typically result in organizations left with having to do more with significantly less. This includes less resources, less funding, less people and mostly less motivation. However, not all needs to be negative. If you can embrace this challenge and use this moment to take a set of pragmatic actions, they stand a chance to seize the opportunity to reset their program’s trajectory. All it takes is have a mindset that focuses on self-awareness, see through chaos, and reframe problems as opportunities. Below are a set of 8 such actions that you can start taking today.

1. Purpose: Start with reflecting on why you took this role and recast the value you promised yourself and the organization you work for. It’s likely that the vision and purpose you have now has evolved and matured along with the business environment changes and needs.

2. People: Think about the organization and alignment of your team. This is a good time to rearrange the deck and give the right opportunities to the right people, allowing your team to re-define and elevate their purpose by taking on roles that are meaningful to them and value-add to the organization. You could have all the tools and budget, but without people executing some of the tasks alongside your tools, the value of your program will never be fully optimized to its maximum potential.

3. Processes: Mine for processes you have in your program and determine their relevance today and for the next 12 months. For example, review your control attestations, risk assessments, and control testing activities to determine if they are providing the adequate insights and visibility to inform proactive business decision making and action. If they are not adding value, then consider re-engineering them to reflect the realities your organization is facing.

4. Foundational data: When was the last time you mapped your controls to regulatory requirements? Or mapped your risks to assets? Now is a good time to look at the current regulatory landscape, prioritize the new needs and evaluate if your assets, risks, and controls are unified and up to date. Being proactive will prepare you for any future audits that you may face.

5. Stale data: Is your issue inventory looking bloated? Are you tracking risk and controls that may no longer be reflective of the organization’s risk profile? Perhaps it’s time to allocate resources to rationalize and purge this data as necessary to help ensure that you are focused on managing the right risks, controls and issues the organization faces going forward. Additionally, this would be a good time to archive, retain or discard data in line with your retention standards.

6. Technologies: If you find yourself spending hours to cobble together a risk or compliance report from multiple data sources, or that the data you are gathering is outdated and difficult to aggregate, it might be time to think about the toolset supporting your program. Devise a plan to steadily migrate to newer and more modern ways of leveraging technologies and integrations that focus on simple and intuitive processes. You do not have to buy it all now, but a plan gives you the confidence to think strategically.

7. Creativity: Allow yourself and your team time to breathe and think creatively. Host an offsite team event or a hackathon to spark new ideas. With refreshed minds comes new innovative ways of thinking and working that will provide better results more efficiently.

8. End User Focus: Listen to your customer and understand what is working well today and what can be improved. Getting external feedback outside of your team will help prioritization of features and improvements to the overall program and will deliver true value to the organization.

The checklist above should give you the ability to reset and provide visibility to where you are spending time and resources and reallocate them effectively. Through these actions and utilizing modern technologies such as automation, cloud, analytics, and integrations with relevant external intelligence, you can set the program and yourself on a course with clear vision and aspirations. Most importantly, you can establish a program that can not only answer complex questions when they come up, but anticipate complete questions for scenarios that are yet to come up.

Explore more insights

Thank you!

Thank you for contacting KPMG. We will respond to you as soon as possible.

Contact KPMG

Use this form to submit general inquiries to KPMG. We will respond to you as soon as possible.

By submitting, you agree that KPMG LLP may process any personal information you provide pursuant to KPMG LLP's Privacy Statement.

An error occurred. Please contact customer support.

Job seekers

Visit our careers section or search our jobs database.

Submit RFP

Use the RFP submission form to detail the services KPMG can help assist you with.

Office locations

International hotline

You can confidentially report concerns to the KPMG International hotline

Press contacts

Do you need to speak with our Press Office? Here's how to get in touch.