
12 Questions to ask about GRC – A Summary

The full set of 12 questions directors, executives, and practitioners can ask about GRC is now available, together with an opening discussion on “the GRC mystery” (what GRC is all about).

I would appreciate your comments and suggestions, both on the set taken as a whole and on each individual topic area.

The GRC Mystery

  1. Are goals and strategies to achieve them clearly established and communicated across the organization, so that there are common goals and objectives?
  2. Does the organization work in harmony, sharing information and working towards shared goals?
  3. Is there integration between strategy-setting and risk, performance management and risk, budget and strategy, strategy and compliance, etc.?
  4. Are functions/processes/systems fragmented, inhibiting performance?
  5. Does the organization have a culture that embraces performance, intelligent taking of risk, and compliance with laws, regulations, and society’s expectations?
  6. Is performance measured and rewarded consistent with delivery of value, achievement of objectives, and organizational values – long as well as short-term?
  7. Does management (at all levels) have quality, reliable, timely, current, useful information readily available when and where they make decisions?
  8. Is there a reliable view of risk across the organization?
  9. Is the voice of risk heard?
  10. Does compliance ‘chase the bus’, or is it part of strategy-setting and initiative decisions?
  11. Does the board receive timely, quality, reliable, current, and useful information to advise on strategy, monitor executive performance, and function effectively?
  12. Does the board have continuing assurance of the effectiveness of GRC processes?

Later, I will extend the discussion by sharing my thoughts on “GRC programs” and “GRC technology” – which flow, I believe, from the understanding of GRC proposed by this series of questions.

  1. Zubair A.Khurshid, Six Sigma, ISO 9001, Program and Budget Management Professional
    July 30, 2012 at 2:13 PM

    This gives a good idea on assessing where the organization stands in terms of GRC.

  2. September 12, 2012 at 3:08 PM

    This is so amazing. I couldn’t stop reading it! I think this place will become my latest bookmarked site!
