Home > Risk > Governance: the overlooked part of GRC – contributions welcome

Governance: the overlooked part of GRC – contributions welcome

February 19, 2010 Leave a comment Go to comments

GRC stands for governance, risk management, and compliance. However, most pundits, analysts, vendors, and service providers focus on the R, with some attention on the C, but give scant time and attention to the G.

It is time to shine more light on Governance and related software solutions. While there is no doubt about its importance, too little information is available on how technology can enable efficient and effective governance functions and processes.

There are several different definitions of Governance. For the purposes of this exercise, let’s use the OCEG definition of Governance as:

“.. the culture, values, mission, structure and layers of policies, processes and measures by which organizations are directed and controlled. Governance, in this context, includes but is not limited to the activities of the Board, for governance bodies at various levels of the organization also play a critical role. The tone that is set, followed and communicated at the top is critical to success.”

Everybody can contribute by adding to my list of functions/processes included in Governance:

  • Shareholder meetings and communications
  • Proxy management
  • Board meeting management, including board briefing material communication, security, etc.
  • Code of conduct communication, training, and testing
  • Investigation management
  • Whistleblower hotline management
  • Legal case management
  • Strategy management
  • Long-range planning
  • MBO management
  • Policy, standards, and procedure management
  • Human resource management
  • Operational and financial performance management
  • Capital project management
  • Business continuity management
  • Fraud detection
  • Legal entity management
  • Corporate social responsibility management
  • Intellectual property management
  • Physical security management
  • Privacy
  • Information security
  • Product quality

I want to provide a location where organizations interested in software for governance processes can see what is available.

This is an open invitation for any vendor or service provider to post a comment that describes their Governance solution(s).

A few conditions:

  1. Only provide information on solutions for Governance. Solutions that focus on Risk or Compliance do not qualify
  2. Explain how your solution addresses one or more Governance processes/functions
  3. No negative comments on other vendors are permitted
  4. While I agree that internal audit, information security (including privacy), and fraud detection are a critical Governance functions, this post is not to collect information on them. They are already fairly well advertised
  5. Feel free to include links to additional information. However, what is posted here should be sufficient for anybody to understand in broad terms what is offered
  1. February 23, 2010 at 8:55 AM

    I applaud your initiative and am very interested in the results. One fine point I’d like to makes is that in my mind “governance” is distinct from “management”. I would therefore question each of the governance “functions/processes” that include the term “management”.

    To contribute to your list of software, please review:
    BoardSuite at http://boardsuite.ca/
    EnForm at http://www.informgis.co.uk/index.html
    Diligent BoardBooks at http://www.boardbooks.com/diligentbooks/index.shtml
    BoardVantage at http://www.boardvantage.com

  2. February 23, 2010 at 2:50 PM

    Your post has great merit. I would recommend that you add “disclosure” to the list of governance functions/processes.

    I recently joined BoardSuite Corp. (www.boardsuite.ca) as its Chief Marketing Officer. When I first took the board portal solution for a test drive I realized that it truly provides a 360 degree view of the end-to-end governance cycle.

    As a director or officer of a corporate board, mitigating personal, professional and corporate liability, getting timely access to corporate information and reducing administrative costs are crucial elements that BoardSuite enables board members to manage from a central repository.

    BoardSuite users have complete governance oversight and can track all board tasks and transaction activities to ensure their company is compliant with regulatory demands thereby reducing risk and liability.

    Board members (and advisors) are granted access to the virtual minute book, board packages, contracts, committee documents, financials, strategy documents, operational documents, collaborative tools and a marketplace of business services through a secure, permission-based SaSS portal. With internet access, users can connect to the portal 24/7.

    The biggest selling feature is that the solution is FREE; the new business model in the social economy.

  3. February 24, 2010 at 10:23 AM

    Here is another governance software company:
    Governance Integrity Solutions (UK) Limited at http://www.informgis.co.uk

    They are a start-up in the UK with a track record in South Africa that offers a web-based corporate governance monitoring and evaluation system.

  4. March 1, 2010 at 7:43 AM

    Very interesting blog.

    Please allow me to propose one of our solutions we have been selling with good success tou our customers in Germany. http://www.protected-networks.com

    8man visualizes, offers reporting and logging functionalities for fileserver and active directory.

    Best regards Jochen Arms from Berlin

  5. March 2, 2010 at 10:55 AM

    Great post on a very interesting topic and challenging definition to nail down. But, in answer to your question on governance solutions, we would offer our own Issue & Event Manager (IEM) which currently serves more than 2300 customers, including many of the Fortune 500. In brief, EthicsPoint’s IEM provides a comprehensive, innovative framework for data intake, investigations management and event resolution, ultimately delivering a more accurate picture of our customer’s governance issues. Providing scalable SaaS solutions, the IEM framework leverages EthicsPoint’s global hotline – both phone and Web – as well as other intake and report management systems to integrate disconnected data silos at the organizational level, generating an accurate picture of enterprise risk while also providing immediate benefits as a point hotline solution. More information, white papers and case studies can be found at: http://www.ethicspoint.com.

  6. March 8, 2010 at 10:09 AM

    Hi Norman,

    I think the OCEG definition you used is a good one. When you think about what an organization needs to support those activities listed in the first sentence, the first two words that I think of are “documentation” and “communication”. You can’t effectively “direct and control” an organization without the right documentation, but just as important is the means to communicate the right information to the right people.

    Virtually all of the bullet points you listed manifest themselves as documentation. Who created it? Who approved it? When does it expire? Who is supposed to read it? Who has actually read it? When did it last change? Our SaaS solution policyIQ (www.policyiq.com) was launched in 2002 to address these questions and more. Organizations use it to manage the documentation of all of the processes you listed, plus the relationship between risks, controls, and compliance testing. It even has a whistleblower module included, and the ability to create online forms to automate the collection of data in some of these processes.

  7. Deborah Johnson
    March 16, 2010 at 7:58 PM

    Governance describes the overall management approach through which senior executives direct and control the entire organization, using a combination of management information and hierarchical management control structures. Governance activities ensure that critical management information reaching the executive team is sufficiently complete, accurate and timely to enable appropriate management decision making, and provide the control mechanisms to ensure that strategies, directions and instructions from management are carried out systematically and effectively.

    Norman, as a vendor, turned consultant, turned product development, back to vendor, and consulting again, I have to address your comment “It is time to shine more light on Governance and related software solutions. While there is no doubt about its importance, too little information is available on how technology can enable efficient and effective governance functions and processes.”

    The information is abundant with regard to advanced technology; the most astounding fact is simply stated: The issue is the inability to get to your audience! The fact is people making decisions are so removed from the process, the information that gets translated back has traveled through 15 people with 15 different opinions, 15 different agenda’s, 15 different determinations on what is and is not important. IT wants the latest and greatest, Legal wants to reduce risk while standing still, the CFO wants the cheapest, the CEO wants to stay out of trouble, and the CIO is stuck in between.

    I wholeheartedly agree that every vendor claims to be the market leader and it’s difficult to break through the clutter, I am frustrated everyday trying to help people who I either can’t get to or don’t want to listen.

    Every day I read about data, information risk management, understanding context, transparancy and the lack of solutions to provide it, Analytics, technology just isn’t there yet, etc.! There are phenominal solutions to address this-we are not being heard.

  8. Deborah Johnson
    March 16, 2010 at 8:04 PM

    Forgot to credit Wiki with the Governance definition; which is one of 30 different definitions of Governance. 😦

  1. March 8, 2011 at 9:44 AM

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: