What does GRC stand for?
Governance, Risk Management and Compliance (GRC) is an increasingly recognized term that reflects
a more holistic approach to these three areas. GRC is not an isolated business activity.
It encompasses multiple overlapping and related activities within your institution,
including internal audit, compliance, operational risk and enterprise risk management
(ERM). The components of GRC can be defined as follows:
Governance is the responsibility of senior executive management
and focuses on establishing a strong system of internal controls. The system
of internal controls reflects the overall attitude, awareness and actions of the
board and management concerning the importance of control activities. The system
of internal controls provides discipline and structure for the institution’s entire
operation and should address:
- The Control Environment
- Risk Assessment
- Compliance Program
- Control Activities
- Accounting, Information and Communication Systems
- Self-Assessment for Monitoring
Risk Management is the process by which the financial institution
sets its risk tolerance, identifies potential risks and assesses the tolerance for
each risk based on the institution’s business and regulatory objectives. Risk Management
leverages the system of internal controls to manage and mitigate risk throughout
the organization.
Compliance is the management function of monitoring the financial
institution’s adherence to organizational, statutory and regulatory requirements
(e.g., the FFIEC’s Safety and Soundness Standards).
Within GRC, it’s important to realize that if the first one (Governance) is not
in place, the second two (Risk Management and Compliance) probably can’t be meaningfully
achieved. By the same logic, if the second one (Risk Management) is not in place,
Compliance probably can’t be achieved. Governance, Risk Management and Compliance
are closely related but distinct activities that address different challenges for
different constituents of your institution.
How does GRC Pro help?
Maintaining effective internal controls is the key to safety and soundness. GRC Pro provides
you with a simple way to A.U.D.I.T. your internal controls:
- Assess
- Understand
- Develop
- Implement
- Test
My institution already has a good CAMELS rating – what can GRC Pro do for me?
GRC Pro can help you sustain that rating year after year. Because GRC Pro is a subscription-based
service, your assessment results, risk profile and remediation efforts are retained,
so you can compare your current risk profile to that of prior years, or to the risk
profiles of peer institutions. As your environment changes, you’ll be able to identify
trends and fine-tune your controls – which means you can sustain your good CAMELS
rating.
Who benefits from GRC Pro?
Everyone associated with your institution:
Directors
Directors of financial institutions are tasked by regulators with fostering a strong,
consistent approach towards sound corporate governance practices. Directors must
ensure that their institution has established an adequate system for identifying
and managing risks and monitor their institution’s adherence to accepted Safety
and Soundness Standards. GRC Pro enables Directors to fulfill their responsibilities
by providing them with comprehensive reports that identify and prioritize risks
and document the institution’s remediation efforts.
Executive Officers
Executive Officers are charged with developing and implementing policies and procedures
designed to identify, measure, monitor, and control risks. Executive Officers must
ensure those policies and procedures are consistently followed and provide risk-based
Board reports that clearly identify all risks and explain the actions being undertaken
to control or mitigate those risks. GRC Pro enables Executive Officers to easily
monitor their institution’s compliance with internal policies and procedures and
produce Board reports that facilitate sound decision-making at the Board level.
Risk Managers
GRC Pro’s central repository of information allows the Risk Manager to easily identify
areas of concern and monitor remediation across the entire institution. Our modular
approach allows front- and business-line managers to evaluate their areas of responsibility,
with oversight provided by the Risk Manager. The Risk Manager benefits from easy
access to detailed information about each area of the institution, which facilitates
monitoring of targeted risks, as well as higher-level information regarding management
practices, which facilitates monitoring of enterprise risks.
Business Line Managers
Because GRC Pro features individual modules for each category of business, Business
Line Managers can become more integrally involved in managing risk and compliance
for their lines of business. They no longer have to depend on outside resources
to evaluate their operations, which means they can isolate risks and remediate them
before they grow into enterprise-level issues.
IT / Operations Managers
GRC Pro enables IT/Operations Managers to monitor risk and compliance within the
back-office and information technology areas of the institution. Our IT module focuses
on IT Management practices that cover the following IT-related risk areas: strategic
planning, quality assurance, project management, risk assessment, infrastructure
and architecture, end-user computing, contract administration of third-party service
providers, BCP/DR, and regulatory and legal compliance.
Compliance Officers / Internal Auditors
GRC Pro gives Auditors and Compliance Officers a systematic way to A.U.D.I.T. (Assess,
Understand, Develop, Implement and Test) their institution’s system of internal
controls, so they can address control deficiencies in a timely manner and ensure
corrective measures are effective. GRC Pro also eases the burden of regulatory exams
by fully documenting the institution’s internal controls, areas of risk and remediation
efforts. When Compliance Officers and Internal Auditors can quickly and easily satisfy
regulators, the scope and frequency of regulatory exams are reduced.