GRC

In an environment where market participants are looking to understand complex new regulations, ACS is helping C-Suite members rise to the highest value creating challenges whilst delivering sustainable platforms to embed enterprise wide initiatives in governance, risk and compliance.

We define risk governance as the ways in which directors authorise, optimise, and monitor risk taking in an enterprise. It includes the skills, infrastructure (i.e. enterprise structure, controls and information systems), and culture deployed as directors exercise their oversight. Good risk governance provides clearly defined accountability, authority, and communication/reporting mechanisms.

Enterprise must develop a value maximising risk management strategy. Enterprise Wide Risk Management (EWRM) emphasizes a comprehensive, holistic approach to managing risk, shifting away from a silo approach of separately handling each enterprise risk. EWRM also views risk management as a value-creating activity, and not just a mitigation activity. EWRM is still an evolving concept.

Compliance facilitates the process which ensures that a set of people are following a given set of rules, which may be referred to as the compliance standard or compliance benchmark, while the process is what manages their compliance. Compliance management can take many forms – a mix of policies, procedures, documentation, internal auditing, third party audits, security controls, and technological enforcement.

Arriving at the desired end state also requires paying close attention to the regulatory, political, emotional, as well as rational dynamics that accompany any changes to enterprise structure and governance. We work alongside the leadership team to incorporate these elements and drive out the end state design for an effective and efficient risk strategy.