Our GRC Standard has various roles for covering the full ambit of GRC accountabilities and these all belong in a group called Governance Controllers (GCs). Our service sets up the Combined Assurance framework with GC details to manage these accountabilities.
The Basic Fundamentals (Setting Up the Three Lines of Assurance)
The old adage “what doesn’t get measured, doesn’t get managed” is a fundamental principle on which the effectiveness and efficiency of the regulatory compliance effort rely. The many different oversight functions within a company’s regulatory compliance model are spread throughout the organisation, and delegating responsibility for them is crucial. We call the people who hold these responsibilities a control group for delivery of combined assurance. Having standard procedures in place to ensure consistency of approach and effectiveness of outcomes by this control group is also critical.
Governance Controllers With Automated Standard Compliance Procedures
We assist clients in setting up, reviewing and improving their compliance monitoring functions using an internationally benchmarked framework: we advocate the Three Lines of Assurance model with our own Plan-Action-Review-Attest Compliance Monitoring framework. This model relies on having a control group with standard procedures for it to work properly. This is achieved through our methodology, which includes the formal appointment of the control group individuals, whom we call Governance Controllers, and the development of Automated Standard Compliance Procedures (ASCPs), which we help our clients establish (see our Regulatory Risk Service on ASCPs) to ensure consistency of approach and effectiveness of outcomes.
Control Measures and Policies for Risk Management
The effectiveness of monitoring is dependent on sound control measures for all the regulations where risks have been identified, along with the supporting policy framework that drives what the organisation needs to do about the risks. Accountability for this needs to be explicitly governed through a top-down approach using Governance Controllers. Identifying these control measures and managing them is a key component of our Regulatory Compliance Solution TP-RCS and involves all five modules of COMPLY-ASSESS-INTERPRET-FIX-MONITOR. For further details on this see the separate menu selection dedicated to this solution.
Levels of Work and Performance Contracts
We use the concept of stratified systems theory (SST) to resolve the various levels of accountability that are required in the organisation and to set up the delegation of responsibilities for Governance Controllers at these levels. The ASCPs developed for each role are part of these responsibilities. This forms the basis of performance contracts for the Governance Controllers, covering the Plan-Action-Review-Attest cycle for delivery of their obligations to the Board and meeting key regulatory compliance objectives.