avedos is highly committed to GRC reporting. In the coming weeks we will present and discuss six paradigms related to this topic on our blog. Profit from our expertise and valuable, hands-on recommendations on how you can take action!
– generate tangible value for the executive and supervisory board!
Many organizations still view GRC reporting merely as a necessary legal requirement and a contribution to reducing liability. Reports for executives and supervisory boards, however, offer potential for presenting opportunities in light of risks and, therefore, delivering real value for the company’s sustainable development. This, however, requires a paradigm shift in the way that GRC processes are reported so that the efforts center on providing concrete insights on core issues for the supervisory and executive boards. Paradigm 1, accordingly, is the focus of reporting.
– Consolidate the flood of information to focus on substance and not completeness
In order to dramatically ease the plenitude of information available, the goal must be to bring transparency to key, interrelated topics. Aggregation methods extend the established practice of a complete, comprehensive style of reporting. The underlying information is still available in its entirety yet flexibly accessible through downstream paths. Any charts and graphics that are necessary to fulfill various legal requirements, of course, remain unchanged.
For the different GRC departments, this means assigning the available information to clear categories. One good example is adding subcategories to company-specific control catalogs (COSO). Categorizing the various processes in this same manner is also highly recommend. In the future, control weaknesses from the internal control system and conclusions from internal audits will be listed here alongside the risks. This ensures that systematic weaknesses throughout the organization can be identified here.
In the next step, an appropriate method must be defined to consolidate the information throughout the structure. This applies to the content of the individual elements (e.g. exactly how the individual risks are consolidated) as well as quantitative measures (e.g. how to handle probabilities of occurrence and amounts of damage). Organizations must also select suitable tools from a selection of possible methods. These tools should not only correspond with their maturity, objectives and established structures, but also the current status and planned strategic development.
Build a continuous structure with 2 – 3 sub-levels for your specific area – even if there won’t be entries for every topic at the present time. View this structure as a general map, and make it a gold standard in your reporting.
Get informed on the facts and latest trends in GRC – and stay tuned for upcoming events, webinars, podcast episodes or trainings.