Vision, Strategy & Structure | KPMG | BE


Optimizing Governance, Risk and Compliance Programs.



Business disruptions, the rapid pace of change, and an increasingly stringent regulatory environment have rekindled the debate on alignment and integration of Governance, Risk and Compliance (GRC). Is an integrated GRC an imperative, or simply a nice-to-have? For many organizations it has been a costly and painful endeavor, due to a range of causes, including lack of strategy, poor executive buy-in, failed software implementations, poor change management, and a lack of alignment between program outcome and stakeholder expectations. Whatever the cause, organizations need to understand that it is possible to develop a highly successful GRC program with a positive return on investment, provided they adopt certain good program practices.

A strong program to manage risk and compliance requires a vision of what a new GRC program is designed to achieve for the organization – what success looks like. It must address business needs and strategically align to the organization’s overall objectives. If the strategic objectives of the organization and the goals of the GRC program are not moving in lockstep, the latter will fail to create the benefits that are expected and may even have a detrimental impact on the organization’s risk management capabilities.

Once the vision has been set and the stakeholders’ needs are prioritized, the project team will develop a strategy for the GRC program that will describe the changes to be implemented and the expected effects on the organization’s operations.

Another key component of strategy for a robust GRC program is the design and creation of a roadmap showing how to reach the goals that are set out in the vision and the speed at which the enterprise intends to travel.

A GRC initiative should be seen as a program and not a project. In addition to creating a vision, strategy, and roadmap, there must be a governance structure built for the GRC effort. This is essential. A senior executive, such as the Chief Risk Officer, should be assigned to oversee the program and ensure it fulfils the vision, enabling the program to overcome any significant obstacles in the way of completion.

A successful GRC program will not only improve the way an organization manages risk and compliance, but also improve business operations. An organization with a risk- and compliance-aware culture is likely to withstand external shocks and pre-empt threats to its operations and strategy.

Business opportunities, risk, and compliance are simply three facets of a resilient enterprise.

© 2018 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
