Grc Kpmg

Governance, Risk, and Compliance

Driving Value through Controls Monitoring

ADVI S O R Y

© 2008 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International, a Swiss cooperative. All rights reserved.

G R C :

A

Def InItIOn

Governance, risk, and compliance (GRC) is more than a software solution; it is a strategic discipline. GRC is a continuous process that is embedded into the culture of an organization and governs how management identifies and protects against relevant risks, monitors and evaluates the effectiveness of internal controls, and responds to and improves operations based on learned insights. GRC is the integration of all governance, risk assessment and mitigation, and compliance and control activities to operate in synergy and balance. A GRC strategy can help create business value by reducing costs, identifying operational inefficiencies, rationalizing controls, and enabling identification and management of risks. GRC works best when multiple roles (e.g., corporate secretary, corporate compliance, enterprise risk, internal audit, IT, line of business, investigations, legal) collaborate within a common framework and architecture to bring an enterprise view across governance, risk, and compliance activities throughout the organization. A GRC strategy can help an organization prevent “surprises” while preserving shareholder value.

© 2008 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International, a Swiss cooperative. All rights reserved.

C On t e n t S Introduction The Current Environment GRC Maturity Assessment Controls Monitoring: Opportunities and Challenges An Approach to Implementing Controls Monitoring Tools Conclusion 1 2 3 6 8 14

© 2008 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent...