Not all risk management is the same
What and who are you looking for specifically?Trendsetter in conversation
Ulrich Palmer, Managing Director at 3grc GmbH
Published in: DiALOG - THE MAGAZINE FOR ENTERPRISE INFORMATION MANAGEMENT | MARCH 2015
In most cases, external factors lead corporate management to deal with the complex of GRC topics: regulatory requirements, demands of investors and financial institutions on the organization and reporting of companies are increasing more and more. Only companies that have set the right course early on will be able to successfully secure the planned development of the company.
But what is actually hidden behind the buzzword GRC? Certainly the regulatory framework for managing and monitoring companies (governance), defined by laws and the company's own guidelines, as well as compliance with legal and voluntary regulations, guidelines, codes and ethical standards (compliance) and the systematic handling of risks (risk). However, if you take a closer look at this term, you will quickly discover that it also includes topics such as sustainability management, value-based management, internal control systems and internal auditing, BCM, data protection and many more.
But what is actually hidden behind the buzzword GRC? Certainly the regulatory framework for managing and monitoring companies (governance), defined by laws and the company's own guidelines, as well as compliance with legal and voluntary regulations, guidelines, codes and ethical standards (compliance) and the systematic handling of risks (risk). However, if you take a closer look at this term, you will quickly discover that it also includes topics such as sustainability management, value-based management, internal control systems and internal auditing, BCM, data protection and many more.
For example, the scope for action in the design of a company-wide risk management system is very broad. If we look at the risk assessment step, we can already see serious differences depending on the approach and industry. Risk assessment is the process step where the implemented risk management systems differ the most, although there are definitely industry-specific characteristics. While banks, insurance companies and energy supply companies are used to dealing with quantitative assessment methods and distribution functions, companies from the healthcare sector focus much more on qualitative approaches.
On the one hand, this development stems from the fact that the people involved have a completely different professional focus. At energy suppliers, you will certainly find many mathematicians and engineers, whereas these professional groups are probably rarely represented in a hospital. The probably more important point, however, is that market risks (e.g., currency risks, commodity price risks), which can be calculated and aggregated relatively precisely, are of central importance for banks and energy suppliers and have a significant influence on the risk portfolio.
No company wants to place an additional burden on its employees through administrative tasks just to comply with its self-determined regulatory framework or the like. Rather, it is important to create added value through a company-specific - possibly integrated - approach, which can then be positioned on the market as a competitive advantage or unique selling point. For example, implementing a suitable GRC or a more focused compliance software can save audit costs to a considerable extent, reduce violations and the associated penalties against the respective applicable jurisdiction, and increase trust among external stakeholders such as shareholders or financial institutions.
Finding one's way through the multitude of these approaches and concepts often requires advice or support from external knowledge providers.But even at this first step, the question "Who is the right person for me?" arises quite quickly.The online hub 3grc.de can provide support here. Bringing together seekers and providers efficiently and purposefully is the objective of the Internet platform founded in 2014. As a topic-related and focused GRC portal, 3grc.de offers market transparency on numerous topic areas, whereby the search can be supplemented by the selection criteria software, consulting and education. With just a few clicks, you can obtain an overview of possible consultants, software providers or corresponding training opportunities. In addition, 3grc.de offers centralized knowledge on the numerous topics in the "Good to know" area.
www.3grc.de