CA Community

Brief Observations from GRC Summit 2009

Published: September 30 2009, 05:15 AM
by Sumner Blount


This week I attended the GRC Summit 2009 conference in Boston.  As with all conferences of any kind, there were good sessions, less interesting sessions, and all things in-between.  But, in general, I thought they did a good job of getting interesting topics and knowledgeable speakers.

The first keynote was given by Michael Rasmussen, a leading GRC analyst and Founder of Corporate Integrity, Inc.  His presentation was an excellent overview of the issues relating to GRC, and was based on the frameworks and models put forth by the Open Compliance and Ethics Group (OCEG).  OCEG is also a GRC thought-leader, and I would highly recommend their website as an excellent source of guidance for companies who want to improve their risk and compliance activities.

One of the areas that Michael covered nicely was a summary of the benefits of a unified approach to GRC.  There's nothing earth-shaking here, but sometimes in the heat of the GRC battle, the very profound benefits can get lost in the daily challenge of deployment.  Here's a quick summary of them:

  • Sustainability – helps an organization become and remain agile and flexible, so it can respond better to business changes, especially new or changing regulatory requirements.
  • Accountability – helps establish clear ownership of risks, policies, controls, etc.  And, as changes in one area (like a control test) occur, the impacts on other areas (like the related risk) are clear.
  • Consistency – when certain business processes (such as risk assessments) are done essentially the same way across the organization, it increases efficiency and improves communication.  It also improves the quality of the information derived from each business process.
  • Transparency – helps ensure that each person gets the information that they need for their job, and in a format that maximizes good decision-making.  It also improves visibility of risk, mapping of controls to regulatory requirements, policy adherence, etc.
  • Efficiency – This is typically the biggest short-term benefit for most companies.  Efficiencies are gained from streamlined and common processes, elimination of redundancy (duplicate control testing activities), reduction in the number of controls (through rationalization of controls across regulations), and automation of previously manual processes.  The efficiency gains can, over time, be very significant.
To learn more about GRC efficiency benefits, I recommend the joint paper that I wrote with OCEG, which can be found here. I would be interested in hearing other opinions about the primary benefits that could be obtained from unified GRC.


By: Sumner Blount
Sumner Blount has spent his 25-year career focused on the development and marketing of software products for a range of top-tier enterprise IT firms. Currently, he’s a Director in the Security business unit at CA. Previously he managed the large computer operating system development group at Digital...