Friday, December 6, 2019

Governance - Risk - and Compliance

Question: Discuss governance, risk, and compliance (GRC).

Answer:

Introduction

The concept of governance, risk and compliance (GRC) has emerged in recent years to give organizations guidance on controlling risk through stronger compliance. Regulators around the world are pressing firms to strengthen governance so that they comply with regulatory requirements and reduce the risk of business failure (Tarantino, 2008). GRC is also described as a management framework that guides every level of the organization, from the bottom to the top, in implementing a sound governance system. The corporate scandals of the past decade and the risks arising from a rapidly changing technological environment are what gave rise to concepts such as GRC. This paper addresses various aspects of governance, risk, and compliance. In particular, it examines the importance of compliance in the financial services sector and the issues firms face in implementing a GRC framework.

Importance of Compliance in the Financial Services Sector and Current Concerns and Issues

Compliance refers to the observance of applicable laws and regulations by business entities. These may relate to any area, such as accounting and reporting, taxation, company law, or environmental law. In general, non-compliance is punishable by fines, penalties and prosecution, so every business entity must comply with laws and regulations rigorously (IT Governance Institute, 2007). The financial sector, however, is considered riskier than most, and given its critical role in the economy, governments impose more rigorous rules and regulations on entities operating in it. Furthermore, the financial services sector of one country can affect the entire world (IT Governance Institute, 2007).

The global financial crisis of 2007-08 originated in the banking and financial services sector of the United States, and it disrupted economies around the world (Ward, 2016). From a regulatory perspective, therefore, the banking and financial sector is considered the most vulnerable. Steps for risk control and compliance in this sector are taken not only at the national level but also internationally; the Basel accords issued by the Basel Committee are an example of such international measures. Regulators are strictest with the banking and financial sector. Even so, banks and other financial entities face a number of issues with governance, risk and compliance (Ward, 2016). The first and foremost is the complexity of the regulations. In Singapore, the banking, financial and insurance sectors are regulated by the Monetary Authority of Singapore (MAS) (GLI, 2016). The regulatory environment in Singapore is demanding, which makes it difficult for banks and other financial entities to comply fully with every regulation. Because the compliance framework is so involved, banks find it costly to implement a proper mechanism for ensuring compliance. Financial entities also face information technology related issues. Technology is changing at a rapid pace, making it difficult for entities to keep up, and new areas of risk emerge continually as a result of technological innovation. These innovations and changes keep financial sector entities exposed to risk (GLI, 2016).
Approaches to Identifying Weaknesses in Compliance Implementation and How Implementation Becomes Effective

To ensure that an implemented compliance framework actually addresses the compliance issues it was built for, it is essential to identify any weaknesses in the system (Moeller, 2011). Entities can adopt several approaches to identify weaknesses in the compliance mechanism, discussed below.

Internal Auditing

Internal auditing is a management control function that focuses on identifying gaps in the organization's internal processes (Moeller, 2011). The main objective of an internal audit is to find weak areas that could be exploited by a perpetrator. The internal audit also provides suggestions for improving those weak areas. Internal audit is therefore a good option available to management for identifying weaknesses in the compliance framework (Moeller, 2011).

Involvement of Top Management

Proactive participation by top management is required in assessing the current compliance system and identifying its weaknesses (Moeller, 2011). The top management of a company comprises the board of directors and the chief executives. Without their active involvement it is difficult to locate problem areas, and even when problem areas are located, top management's involvement is still needed to sanction corrective action (Moeller, 2011).

Technology-Enabled Compliance Framework

Innovation in information technology has affected every facet of organizational work, and risk and compliance are no exception. To identify weak areas in the compliance framework quickly, technology-driven tools and techniques are necessary. The firm must also have the infrastructure required to support that technology (Salinesi and Pastor, 2011).

Reporting on Non-Compliance

There must be a system for reporting the instances of non-compliance observed in day-to-day operations. These reports should be presented to top management for consideration, and top management needs to be attentive and proactive in considering them, responding promptly and providing resolutions for the weak areas (Salinesi and Pastor, 2011).

To make the implementation of a compliance framework effective, a firm must first plan appropriately. Planning is what allows the tasks to be carried out effectively and efficiently, so management should decide in advance what resources are required and when implementation will take place (Salinesi and Pastor, 2011). It is also crucial to assess the benefits and problems that would arise after the compliance framework is implemented. Assessing problems in advance is critical for making provision for emergencies and ensuring that implementation succeeds. Most important of all is the participation of everyone who will be affected by the compliance framework once it is in place. This reduces the likelihood of resistance within the organization to the changes that implementing the framework brings (Salinesi and Pastor, 2011).

Scope of Risk Management Principles and Frameworks

Risk management principles and frameworks are issued primarily to guide firms in implementing governance, risk and compliance systems. Several international organizations formulate such principles and frameworks, including ISO, ISACA, and COSO. The principles and frameworks issued by these organizations take an integrated view that covers the entity end to end (Gibson, 2014).
For example, COBIT 5 is widely used by entities in framing organizational policies on governance, risk and compliance. COBIT 5 provides a set of good practices that help firms design their overall system of governance, risk, and compliance, and it also serves as a guide for IT professionals in auditing and testing the GRC frameworks that entities have implemented (Gibson, 2014). Other frameworks, such as the Information Technology Infrastructure Library (ITIL) and ISO/IEC 38500:2008, serve a similar guiding role. These frameworks assist entities in managing IT-related risk and bringing it down to an acceptable level (Sobh and Elleithy, 2014). COBIT 5 is also flexible enough to be tailored to an organization's specific requirements. The risk management practices provided in COBIT 5, ITIL, and ISO/IEC 38500:2008 help organizations manage and control not only IT-related risk but also risks such as compliance risk. These practices, frameworks and principles are useful in designing and implementing risk mitigation methods in organizations (Sobh and Elleithy, 2014).

For example, banks are obliged to comply with the reporting and disclosure requirements of Basel III, issued by the Basel Committee, which govern banks' reporting on capital adequacy. Complying with the Basel III requirements is a sophisticated process requiring a proper mechanism, expertise and resources. There is therefore a risk that a bank might report incorrect particulars in its Basel III reports, leading to a compliance breach. To reduce this risk, banks must put an adequate mechanism in place and design the processes needed to complete the reporting required under the Basel norms. In designing those processes and structuring that mechanism, the bank needs guidance, and this is where risk management principles and frameworks play a crucial role (Sobh and Elleithy, 2014).

Scope of a Quality Compliance Monitoring Program and Its Execution

A quality compliance monitoring program is essential to ensure that the firm operates in accordance with the laws and regulations (Mulder, 2000). For example, a bank operating in Singapore must meet the legal requirements specified by the Monetary Authority of Singapore (MAS). The bank must also satisfy various reporting requirements, such as preparing financial statements and annual reports in accordance with generally accepted accounting principles and submitting its accounts to the regulatory authority. A quality compliance monitoring program helps the bank ensure that it complies with the rules of MAS, the stock exchange regulators, and the accounting bodies (Mulder, 2000). The program sets out the overall approach the firm adopts to manage compliance risk (Mulder, 2000): in it the firm lists the applicable laws and regulations, the methods used to ensure compliance, and the responses to be taken in case of a breach. The program thus documents the firm's overall plan for managing and controlling compliance risk. However, executing such a program can be challenging in certain circumstances (Mulder, 2000). A compliance officer should be designated to lead the execution of the program. The compliance officer may come from top management, for example from among the company's board of directors (Kirmeyer, 2000).
Executing the program also requires assigning a team to the compliance officer, who leads it. The compliance officer must assign job responsibilities to team members clearly, and must supervise and control their activities closely to ensure that tasks are completed effectively and efficiently. There must be a system of continuous reporting on the progress of program execution, and the compliance officer must take firm action against team members found to be negligent in performing their duties (Kirmeyer, 2000).

Methods to Design and Deliver Short-Term Training to Staff and Measures to Assess the Impact of Training

Training is essential for the development of newly recruited personnel in every type of organization. Management should plan and maintain adequate resources to train new recruits on the crucial aspects of the business relevant to their job responsibilities (Luca, 2007). Training brings efficiency and effectiveness to operations and benefits the organization through increased output and reduced cost. Management can adopt whichever training methods suit the organization's environment, but whatever method is chosen, there must be a formal process documented in a properly drafted training program (Luca, 2007). Management should identify training needs by discussing them with the employees to be trained, then appoint an instructor to deliver the training. Once the instructor is appointed, it is crucial to define the objectives of the training (Luca, 2007). Clearly defined objectives are essential to keep personnel engaged and to obtain the full benefit of the training program.

Once the training objectives are set, management needs to design the training model. For this purpose management can use one of three models: the system model, the transitional model, or the instructional system development (ISD) model (Luca, 2007). The ISD model is considered the most suitable method of employee training. It consists of five steps: analysis, planning, development, execution, and evaluation, which together cover all the crucial aspects of employee training (Luca, 2007). In the first step, the trainer carries out a comprehensive analysis of the training needs and the resources required. The planning phase covers goal setting and preparing plans for the training, including plans for the materials needed. In the development phase the trainer assembles the training materials and prepares training notes and lectures. The execution phase follows, in which the trainer puts the plans into practice. Last but not least is the evaluation phase, in which the trainer evaluates the success of the training program (Luca, 2007). The purpose of the training should be made very clear to employees so that the whole program proceeds as intended, and the trainer developing the program should ensure that its objectives are in the best interest of the company as a whole (Kirkpatrick, 2009). For the program to succeed, its objectives must also be realistic and achievable under normal circumstances. As part of the post-training exercise, management must also adopt measures to assess the impact of the training on employees.
To assess the impact of training on employees, it is essential to observe their performance after training and compare it with their performance before training (Kirkpatrick, 2009).

Conclusion

This paper has discussed governance, risk, and compliance together with risk management, compliance monitoring, and employee training. From the discussion it can be concluded that governance, compliance, and risk management are emerging issues around the world. Regulators everywhere are taking initiatives to enhance compliance, reduce risk, and strengthen governance, and in this direction they have made it compulsory for firms, especially those operating in the banking and finance industry, to comply with GRC norms. The paper also highlighted approaches to identifying weaknesses in a GRC framework, and the need for training and the methods of delivering it.

References

Gibson, D. 2014. Managing Risk in Information Systems. Jones & Bartlett Publishers.

GLI. 2016. Banking Regulation 3rd Edition: Singapore. [Online]. Available at: https://www.globallegalinsights.com/practice-areas/banking-and-finance/global-legal-insights---banking-regulation-3rd-ed./singapore [Accessed: 17 February 2017].

IT Governance Institute. 2007. IT Control Objectives for Basel II: The Importance of Governance and Risk Management for Compliance. ISACA.

Kirkpatrick, D.L. 2009. Evaluating Training Programs: The Four Levels. ReadHowYouWant.com.

Kirmeyer, G.J. 2000. Guidance Manual for Maintaining Distribution System Water Quality. American Water Works Association.

Luca, B. 2007. Handbook of Visual Languages for Instructional Design: Theories and Practices. IGI Global.

Moeller, R.R. 2011. COSO Enterprise Risk Management: Establishing Effective Governance, Risk, and Compliance (GRC) Processes. John Wiley & Sons.

Mulder, B.S. 2000. The Strategy and Design of the Effectiveness Monitoring Program for the Forest Plan. DIANE Publishing.

Salinesi, C. and Pastor, O. 2011. Advanced Information Systems Engineering Workshops: CAiSE 2011 International Workshops, London, UK, June 20-24, 2011, Proceedings. Springer.

Sobh, T. and Elleithy, K. 2014. Innovations and Advances in Computing, Informatics, Systems Sciences, Networking and Engineering. Springer.

Tarantino, A. 2008. Governance, Risk, and Compliance Handbook: Technology, Finance, Environmental, and International Guidance and Best Practices. John Wiley & Sons.

Ward, S. 2016. The Changing Face of Compliance: Managing Regulatory Risk. Routledge.
