Personalized GRC

There is little doubt that risk management has begun to assume an ever greater significance in the post credit crunch world. In all the analysis of what went wrong, however, one common theme seems to be emerging: in many cases, there was a loss of individual ownership of risk management practices because of a failure to personalize them.

 

It was not that firms did not have risk management policies in place before the crunch. Many had a top down approach that effectively imposed procedures on the organization. They also had external bodies, such as auditors and regulators, endorse their procedures and validate their practices. Today, experts are beginning to understand that while centralized control of risk management practices is vital, a personalized approach and distribution of its ownership promote a sense of participation and belonging among staff. Without full staff engagement in the process, a top down approach to risk management is likely to meet stiff resistance from individual departments and staff members.

 

Before the credit crunch most companies' approach to governance, risk management and compliance (GRC) had remained unchanged for years. Now it is widely acknowledged that this lack of evaluation of GRC practices contributed to firms' inability to respond appropriately to the risks that emerged during the crisis. As regulators and rule makers all over the world have sought to establish new regulations to shore up the financial system, so financial organizations have had to review their GRC practices - which govern the way they approach these regulations. The answer has been to move towards personalization of GRC practices whereby individual business units and staff members can begin to embrace those practices, recognizing their relevance to their own work and that of their department, how they fit into the overall GRC picture and the consequences of any risk management decisions that they may have to take.

 

This report examines recent trends in GRC practices, including good practices that firms are adopting, some real life examples of how companies' risk management practices failed them in the credit crunch and the need for a more personalized approach. It also considers how ERA Kairos, the latest version of Methodware's GRC software platform, can help businesses meet the personalization challenge and includes two user case studies.