GRC - Unravelling The History

The document discusses the history and evolution of governance, risk, and compliance (GRC) from its origins in the early 2000s to the current focus on cognitive GRC using technologies like AI. It outlines the key events that shaped GRC, from the Sarbanes-Oxley Act in response to accounting scandals to the progression through different stages of GRC integration and capabilities.

Uploaded by

bluelimevikas

Governance, Risk and Compliance : Unravelling the History

1. The term ‘GRC’ was first coined in the early 2000s by Michael Rasmussen, a researcher
with Forrester. In 2002, while sitting through a number of presentations from software
companies and consultants, Rasmussen noticed the overlapping qualities between
Governance, Risk Management and Compliance, labeled it ‘GRC’, and the name stuck.

2. The Open Compliance & Ethics Group (OCEG) reinforced Rasmussen’s GRC
acronym, defining GRC as “critical capabilities that must work together to achieve
Principled Performance - the capabilities that integrate the governance,
management and assurance of performance, risk, and compliance activities.”

3. In the year 2002, enormous accounting scandals at organisations such as Enron,
WorldCom, and Tyco prompted the Sarbanes-Oxley Act of 2002 (SOX), passed by the US
Congress to protect investors from the possibility of fraudulent accounting activities by
corporations. The global corporate world was changed forever, with two key sections of
SOX driving the change.

(a) Firstly, section 302 mandated that senior management were responsible for
the accuracy of the reported financial statement.

(b) Secondly, section 404 required that management and auditors establish
internal controls and reporting methods on the adequacy of those controls.

4. In Europe and the rest of the world, the effect of SOX was apparent. New
regulations appeared and old regulations were made more stringent. Companies became
more focussed on the concepts of risk, controls, corporate governance or business
efficiencies and regulatory compliance, leading to the prominence of GRC.

5. Evolution of GRC.

(a) GRC 1.0 SOX Captivity (2002-2007). This was the period in which GRC
was shaped. It was defined as the integrated view of the objectives' risk, controls,
and policies. However, for a few years, the focus was on the Sarbanes-Oxley Act
(SOX) and internal controls over financial reporting.

(b) GRC 2.0 Enterprise GRC (2007-2012). As technology advanced, the
enterprise view of risk, control and policies was developed, so that multiple
departments could work off a common information and technology architecture to
manage the risk, control, policies, audit, compliance and assessments.

(c) GRC 3.0 GRC Architecture (2012-2017). With this GRC evolution, the GRC
system was integrated with other business systems and a GRC architecture was
built to integrate GRC initiatives.

(d) GRC 4.0 Agile GRC (2017-2021). Agile GRC was born with the need to
design a configurable GRC technology solution which could be customised to the
requirements of an organisation. This is the current stage of the GRC

(e) GRC 5.0 Cognitive GRC (2021 to the current day). This version is intended not
only to facilitate compliance, but also to produce actionable insights most quickly.

6. Today, organisations are looking toward the future - at the next generation of
cloud-based alternatives, shared service centres, innovations around mobility options, and
the benefits of real-time ‘digital boardrooms.’ As GRC is becoming critical, new technologies,
including AI and ML, NLP, predictive analytics, and blockchain, are changing the stage for
GRC, making it more efficient. The opportunities abound, but there has never been a time
when it is more vital to be cognisant of the ‘true’ value of GRC.
