GRC reporting: Paradigm 3
Paradigm change in GRC reporting
- generate tangible value for the executive and supervisory boards
Many organizations still view GRC reporting merely as a necessary legal requirement and a contribution to reducing liability. Reports for executives and supervisory boards, however, offer potential for presenting opportunities in light of risks and, therefore, delivering real value for the company’s sustainable development. This, however, requires a paradigm shift in the way that GRC processes are reported so that the efforts center on providing concrete insights on core issues for the supervisory and executive boards. Paradigm # 3 refers to progression to insightful reports:
- from fragmented reports to an integrated, complete picture of the situation of the organization
Reporting that shows correlations and dependencies can help deliver decisive insights. Yet the results from GRC activities, in particular, are still often reported in mere fragments. Important correlations throughout the company, however, cannot be identified through classic approaches to reporting. Common examples include:
- Contradicting results: An action was reported as “implemented” in risk management, and the evaluation for the underlying risk was lowered accordingly. An audit, however, later determined that this action is not suitable to address the risk. This information, however, was overlooked.
- Systematic weaknesses: Determinations and weaknesses are often viewed individually, in other words, with respect to the specific context. This means that anomalies across regions and departments or correlating facets of a specific topic are often overlooked, and the necessary, widespread actions cannot be identified. These points, of course, are currently reported individually from the various functions for liability reasons. The insight that is necessary to make well-founded decisions, however, only emerges when they are combined in a complete, integrated view.
Transforming reporting to a linked view is the key to building acceptance and stimulating the decision-making processes. This is what makes the related issues transparent and brings the necessary insights to the respective areas. Here it is essential that the messages are well aligned within the GRC functions and lines of defense to ensure a common line with regard to the content.
Our recommendation for action
Define a joint map that shows correlations among different topics. Make an effort to work together whenever possible. Address your points initially outside of the realm of formal reporting. This allows you to promote the value of this map for universal use in reporting.
Check back next week for Paradigm 4.