Initially this was sparked by the fallout from a number of major corporate governance scandals, including those affecting Enron, Tyco and WorldCom; all of which led to the enactment of the US Sarbanes-Oxley Act and the concept of a more holistic view of Governance, Risk and Compliance. Interest has also grown rapidly in the UK as legislation and compliance requirements have increased.
Traditionally, most organisations ensure compliance with legislation, regulations and standards by instructing each department to determine the requirements for compliance and specify actions and controls to achieve this. Organisations will therefore have a number of organisational departments for business continuity (possibly aligning with BS25999), for IT security (in many cases aligning with ISO27001), for quality management, etc.
They will certainly have risk management carried out by these various departments, all identifying risks and controls and also individually reporting on these. Managing all of this and pulling it all together into a coherent picture upon which business decisions can be made and priorities can be based in an efficient and effective way is a complex challenge.
commissum’s Principal Assurance Consultant André Coner noted that as the number of legislation, regulatory and compliance requirements increases, the number of departments involved also increases, each defining their own controls and measures. This silo approach causes each department to “re-invent the Wheel”, wasting valuable time and increasing costs while introducing duplication, redundancy and confusion.
commissum’s approach to Unified Governance, Risk management and Compliance creates a common source of information. It creates a common model of the organisation; a unified methodology for managing risk, controlling deficiencies and measurement.