GRC transformation

The pursuit and realization of a GRC transformation is a critical and often complex undertaking. The effort requires a clear vision, as well as investment in both time and financial resources. As with any investment, management must weigh the initial spend versus the return not only in performance but also future cost savings.

Our library of GRC transformation thought leadership offers organizations an understanding of the importance of GRC investment and how to encourage stakeholder trust in its transformation capabilities.

Optimizing governance, risk, and compliance programs series

A three-part article series that provides the steps needed to make the most of a GRC program, including how to formulate a vision and setting forth a strategic roadmap to fulfill it, utilizing people, processes, and technology to support and sustain its success.

Part 1: Vision, strategy, and structure

The value of an effective GRC program lies in an integrated approach of risk and control with accurate and timely communication of risk information to the decision makers. Risk functions are more effective if they share information and follow consistent processes that allow them to identify risks and opportunities at a pace matching changes in the market and stakeholder expectations. The value of a GRC program cannot be fully realized unless a shared vision for risk management and compliance is driven by the business.

The first part of our series outlines how to develop an understandable and achievable vision, aligned with the organization’s overall goals, that contains a set of guiding principles that will operate for the lifetime of the program. These principles define how the risk, compliance, and assurance functions will work together, breaking down barriers to create enterprise value. The principles will encourage business owners to look beyond their span of control and focus on designing a proactive, strategic GRC capability.

Download PDF

Part 2: The vital role of managing change

Due to the transformational nature of a GRC initiative, there are so many moving parts to consider that it is easy to focus mainly on the technical implementation and less on the human component, even though the latter is equally important. Successful GRC initiatives have a deliberate strategy for managing changing processes, reporting, expectations, and anxieties. This strategy should be executed with the same discipline and enthusiasm as the more technical aspects of the implementation.

In this second installment of our three-part series, we discuss the role played by people and processes in attaining project objectives.

Download PDF

Part 3: Pathway to technology alignment

A successful GRC program improves the management of risk and compliance and also helps to strengthen a company’s competitiveness. Despite the promise, however, some GRC programs have suffered from poor technology selection, weak implementation, and a lack of alignment between stakeholder expectations and program outcomes. Adoption of certain good program practices are important for success. Nevertheless, GRC programs have succeeded thanks to the adoption of certain good program practices.

This report, the third and final installment of a three-part series, discusses technology selection and implementation challenges and tips. Part one explains how to help optimize the value of a GRC investment, focusing on the importance of establishing a vision, strategy, and governance structure for the GRC program. Part two examines matters relating to process, people and change management.

Download PDF

Making the case for GRC investment

Enhancing the return on investment for GRC implementation

Estimating and truly measuring return on investment (ROI) for GRC investments is no longer optional, but rather, it is a business imperative.

Establishing an integrated, enterprise-wide GRC program is a strategic priority for many large and mid-sized organizations. In a dynamic business environment, companies increasingly need highly effective yet efficient risk and compliance management functions to support growth and sustain operations.

While risk and compliance professionals readily grasp the potential of GRC-enabling technologies, their executive leadership must carefully weigh the costs and benefits of a GRC implementation just as they do other top organizational initiatives. This careful calculation is driving the need for GRC stakeholders to create meaningful business cases supported by well-defined program and technology costs, as well as to assert both qualitative and quantitative benefits.

Here we discuss how risk and compliance leaders can make the case for GRC investment with intangible and tangible benefits, including a quantifiable ROI.

Download PDF

Implement GRC technology the right way

Prepare your organization for updated governance, risk and compliance systems

Companies at the beginning of GRC technology implementation often fail to think through all of the components and key activities necessary to ensure a successful initiative. Those that forge ahead without analysis and planning may find that their business processes were not ready for automation, the new technology doesn’t work as anticipated, and timelines for completion can’t
be met.

In fact, without proper planning, companies may not be using GRC tools to their full potential. Technology designed to monitor and analyze GRC processes becomes nothing more than a repository for documents, failing to support the comprehensive GRC program the company intended. Meanwhile, tools are often implemented in silos, and a lack of process leads to conflicting opinions and efforts between business units.

KPMG supports companies from the start of their GRC technology implementation initiatives. Using our enterprise GRC methodology, we review company vision, business process maturity, the drivers of the initiative and the schedule for implementation. We also map available tool functionality to the business processes that organizations need to address.

Based on our methodology and GRC experience, we provide clients with a full assessment and recommendations, including business process improvements and organizational change readiness guidance, to allow for a successful GRC implementation.

Discover best practices for GRC implementation and how KPMG can help organizations introduce these tools safely and effectively, please click here to download our article.

Download PDF

Explore more

Popular category topics