Compliance Consortium Defines Operational Framework for GRC Requirements

May 20, 2005

The Compliance Consortium, an international membership organization formed in June 2004 to promote effective governance, risk, and compliance management (GRC), has published its operational approach for managing GRC requirements within the enterprise. Applicable to both public and private companies, the framework is designed to assist senior management and boards of directors in setting objectives for managing a wide range of compliance-related activities and instituting the programs needed to attain those objectives. This initial version is a "public draft" and is intended to invite constructive criticism and ultimately to build a broad consensus within the hundreds of companies that have registered as part of The Compliance Consortium Community over the past year.

Key findings in the document include:

For organizations to be successful, GRC must be viewed as a distinct area of focus, standing apart from other important concerns such as market expansion, investment in information technology, and the ability of the management team.

Leveraging the guidelines set forth by the U.S. Sentencing Commission, the Consortium has defined seven operational concerns to serve as a framework for organizing and managing GRC operations; these range from clearly assigning responsibilities at all levels of the organization to establishing incentives and discipline to promote compliance.

The Consortium has developed a list of 12 questions that board members and senior management should ask to help ensure organizations are on track with their GRC objectives.

Areas of interest to the Compliance Consortium include GRC best practices and reference architectures, influencing and contributing to GRC-related industry and computing standards, and establishing conferences and other professional events focused on GRC-centric topics. Founding Consortium Members include Axentis, Approva, Corpedia, Hyland Software, Inc., Hyperion, Intuition, Jefferson Wells, Navigant Consulting, and The Network.

OCEG is a not-for-profit organization that provides a framework (the OCEG Framework) for integrating governance, compliance, risk management, and integrity into the tangible practice of everyday business, drives adoption of the Framework through a multi-industry, multidisciplinary coalition, and provides a community of practice for the exchange of information, tools, benchmarking, and feedback for continual improvement of the Framework.