Unfortunately, there seems to be a lack of understanding of what GRC really is. Contrary to popular belief, GRC is NOT ERM, but 3 separate disciplines: Governance, Risk and Compliance. Here I look at the neglected Governance component.
Enterprise Compliance Today
With 2015 being the 200th anniversary of the Battle of Waterloo and having a man-crush on Napoleon B, I have taken this opportunity to revisit some of the lessons we can learn (good & bad) from his 20-year reign as master of the universe.
Corporate objectives are not the “bull's-eye” of strategic planning; they're just the dartboard. Boards are assessed by the quality of their Results, not the quality of their Objectives.
Risk exists everywhere - the problem is knowing what to focus on. The ISO 31000 definition of risk as “the measure of uncertainty in a situation” hasn’t done a lot to clarify what corporate risk means for Directors providing "good corporate governance".