More Thoughts on the OCEG Session at CA World

Published: December 02 2008, 03:00 AM
by Sumner Blount




At the CA World conference recently, I attended a luncheon in which the featured speaker was Scott Mitchell, the CEO of the Open Compliance and Ethics Group (OCEG).

OCEG has emerged as a leading organization in the effort to improve and establish consistency of GRC activities among large enterprises. OCEG currently has over 19,000 members, and they have made significant progress in establishing and promulgating industry best practices for GRC. The OCEG web site - www.oceg.org - provides a wealth of useful GRC information, and the GRC Framework, also known as the Red Book, is increasingly considered an industry best practice for GRC initiatives.

Scott covered a broad range of topics during his talk. There was one that was particularly compelling from my point of view. In discussing the need for a unified approach to managing risk and compliance, he emphasized the following key business drivers:

1. The high cost of information silos - siloed approaches to risk and compliance result in redundant activities and high total compliance costs.

2. The high costs of poor information quality - the lack of a "single source of truth" for risk and compliance information can reduce the effectiveness and quality of decision-making.

3. The high costs of getting it wrong - an ineffective risk and compliance program can, and does, result in loss of corporate reputation, increased business interruption, and reduced employee productivity.

He had several interesting anecdotal examples of the power and impact of these business drivers. Space precludes me from summarizing the whole talk, but if you email me, I will be happy to send you his slides.

By: Sumner Blount
Sumner Blount has spent his 25-year career focused on the development and marketing of software products for a range of top-tier enterprise IT firms. Currently, he’s a Director in the Security business unit at CA. Previously he managed the large computer operating system development group at Digital...