Skip to main content
Poole College of Management
Enterprise Risk Management Initiative
Risk Monitoring and Communications

Managing Risk Through GRC to Improve Financial Processes

November 1, 2008 3-min. read

The Economist Intelligence Unit surveyed 446 senior executives from nine industries about their views on how to improve internal financial processes.  The survey focused on companies’ attempts to streamline governance, risk and compliance (GRC) processes and the associated impact on the financial functions of the business.  The primary conclusion was that a holistic GRC system could be instituted as a value-added activity and would result in streamlined financial processes.  Trying to reduce costs and streamline financial processes as a bottom-up approach was not as effective and doesn’t fully assess risks.

This paper, published by The Economist Intelligence Unit, defines GRC as the way a collection of board and C-suite approved guidelines or policies are put into operation as a set of rules, processes, and controls.  The most effective use of GRC processes is to control risk and enhance decision making, by flagging management when things are not going consistent with these guidelines and policies.  In doing so, GRC provides a mechanism to monitor emerging risks affecting an organization.

Executives have been working for over a decade to streamline and harmonize their financial processes.  The survey found the top obstacles in many financial systems were the presence of too many manual processes, inconsistent methodologies, complex procedures, lack of visibility and accountability of tasks along the processes, and the use and generation of inconsistent or redundant data.  These obstacles make effective risk identification and problem solving difficult for executives, especially chief financial officers (CFOs).  A cost barrier was cited as the number one reason for not addressing these concerns.  Forty-eight percent of executives found converting to automated systems too expensive and over 30% pointed to cost concerns for failure to address the other top two issues; inconsistent methodologies and complex procedures.  But, more have realized that the costs need to be balanced against risks.  The failure to make needed changes to financial processes may actually be allowing risks to arise that are beyond the organization’s tolerance for risks.

However, some executives have found that incorporating these upgrades into a holistic GRC system can result in savings that exceed initial costs.  Automated systems and other control techniques can lead to cheaper audits, lower overhead, better business decisions, fewer instances of non-compliance, and prevent restatements of financials.

Despite some respondents’ hesitance to incorporate GRC best practices, 75% report using a holistic system and regularly including risk evaluation as part of the financial processes.  Over 65% report that the deployment of GRC practices results in better prioritization of controls and higher quality of decisions, and 56% have also seen efficiency in processes.  Further, when asked what initiative results in reducing poor decisions, the top response was “prioritizing controls based on risk” at 56%.

Awareness around the importance of evaluating risk as part of any business strategy has increased dramatically over the past ten years.  The effective use of risk analysis must be balanced with cost in a holistic approach.  Specifically, executives should be weary of out of date, incomplete, inaccurate or easy to manipulate data.

The article concludes that GRC is effective when the organization’s strategic direction is defined and constraints are set that include risk appetite.  Best practices to enhance risk assessment and implementation are listed:

  • Identify the full range of risks
  • Establish a risk management culture
  • Align controls with risks and embed into processes
  • Devise procedures for manual interventions
  • Consolidate and track controls to ease the auditing process

This article summarizes by noting that integrating GRC into financial processes provides an opportunity for organizations to be more proactive in addressing potential risks.

Original Article Source: “Financial Processes Have Not Kept Pace With Risk, Survey of Executives Reveals,” Newswire, January 2009

More From Enterprise Risk Management Initiative

cover fo 2024 global risk oversight

2024 Global State of Risk Oversight: Managing the Rapidly Evolving Landscape
photo of woman with e-tablet.

Techniques to Prioritize and Monitor Risks
2024 The State of Risk Oversight Report featured image

2024 The State of Risk Oversight: An Overview of Enterprise Risk Management Practices - 15th Edition