It’s not just another fresh new year for GRC professionals. All signs suggest we can begin to look forward to the end of the recession and an opportunity for professional growth as well as economic growth. I suspect most GRC professionals have had a tough year or two, with budget cuts, staffing changes and real challenges in helping their companies survive the recession. It’s a good time to take stock of the state of GRC. This blog entry begins a series of 10 New Year’s resolutions GRC professionals would be wise to consider as the year begins.
Resolution 1: Get Fit
Most personal resolutions include “get fit” near the top of the list. It is worth considering as a professional goal as well. I suggest a GRC Fitness Report Card. Here are some topics you should grade yourself on. Give yourself an A, B, C or F grade.
1. How well do your GRC practices identify, measure, document and refresh information on all controls, risks and issues?
• To score an “A”, your company should have successfully stickhandled its way through the recession and added shareholder value. (With no federal bailout, of course.)
2. How well do you reevaluate and update your GRC risk and control frameworks?
• An “A” score here would suggest a formal process exists for constantly updating and refining your frameworks and the last year would have required substantial change.
3. How well do you identify and evaluate risks when making important capital expenditure or strategic decisions?
• An “A” here would require fully implemented, sustained enterprise risk management. Statistics show few companies would score a passing grade, let alone an “A”.
4. How good are your contingency plans for dealing with potentially high impact, but unlikely, situations that could cripple all or part of your business?
• If you didn’t score well on question 3, you’d probably score badly here. But some companies do a good job of managing business continuity for specific risks.
5. How well have you incorporated innovation, new professional practices, or GRC technology?
• I’d expect an “A” performer here to be well on their way to technology-enabled GRC Convergence driven by active, demanding stakeholders. Quite frankly, GRC professionals have not shown themselves to be particularly progressive, although many exceptions are emerging.
I’m interested in hearing any results you’d care to share, good or bad. I think both best practices and keen insights into the problems of the GRC community should be communicated widely.