What is Actually The Integrated GRC? - Interview with Carole Switzer, Co-Founder and President OCEG

CRMS Indonesia

6 Mar 202009:36

Summary

TLDRIn an interview at the GRC Summit 2019, Carol Switzer, co-founder and president of OCEG, discusses the concept of integrated Governance, Risk management, and Compliance (GRC). She emphasizes its role in achieving 'principled performance,' where organizations can meet objectives while managing risks and maintaining integrity. Switzer highlights a growing global interest in GRC, particularly at the governmental level, and stresses the importance of collaboration and technology integration. She also urges Indonesian corporate and public sectors to adopt principled performance to enhance societal development and navigate the complexities of the global economy, especially concerning cybersecurity and anti-corruption measures.

Takeaways

😀 Integrated GRC involves a set of organizational capabilities that enhance governance, performance, risk management, and compliance.
🌍 'Principled performance' is when an organization achieves its objectives while managing uncertainty and acting with integrity.
📊 Effective measurement is crucial for evaluating both performance and risk within an organization.
🔍 Organizations should identify both threats and unexpected opportunities to enhance decision-making.
⚖️ Integrity encompasses compliance with laws and alignment with organizational values, defining both mandatory and voluntary boundaries.
🌐 There is increasing interest in integrated GRC at the governmental level, notably in countries like the UK.
📈 Global companies are focusing on integrated GRC processes due to the complexity and rapid change in information management.
💻 Technology companies are improving systems to integrate with existing data storage solutions, enhancing GRC capabilities.
🔗 OCEG is exploring a blockchain project to further enhance data sharing in GRC.
🇮🇩 For Indonesia, adopting a principled performance approach can support societal and economic development while addressing global compliance standards.

Q & A

What is integrated GRC?
-Integrated GRC refers to a set of capabilities that enable better governance, performance against objectives, stronger risk management, and compliance within an organization.
What does OCEG mean by 'principled performance'?
-Principled performance is the ability of an organization to reliably achieve its objectives while addressing uncertainty and acting with integrity.
How does integrated GRC relate to risk management?
-Integrated GRC involves identifying both threats to achieving goals and unexpected opportunities, enabling organizations to manage risks effectively.
What are the two lines along which integrity is measured?
-Integrity is measured by keeping promises related to compliance with laws and regulations, and aligning with the organization's vision and values.
What global trends are influencing integrated GRC?
-There is growing interest in principled performance at governmental levels and among global companies, along with advancements in technology that support integrated GRC systems.
What role does technology play in integrated GRC?
-Technology companies are designing systems that integrate with existing data storage systems, enhancing the capability to manage GRC effectively.
How can Indonesia benefit from adopting an integrated GRC approach?
-An integrated GRC approach can help Indonesian government agencies share information more effectively and support societal and economic development.
What challenges does Indonesia face regarding global economic engagement?
-Indonesia must address corruption, anti-bribery, and cybersecurity threats to meet global standards and protect personal and corporate information.
What is the significance of regulatory compliance in GRC?
-Regulatory compliance is essential for ensuring organizations operate within legal frameworks and uphold ethical standards, which is crucial for principled performance.
Why is it important for Indonesia to stay ahead in cybersecurity regulations?
-Staying ahead in cybersecurity regulations is critical to protect against threats that can compromise safety and operational integrity, as demonstrated by recent cyber incidents.