image from grc-pink.com
Deborah Bailey and Edward Hida, professionals from Deloitte & Touche LLP, wrote in Corporate Compliance Insights about the six "GRC" priorities for financial companies this year. "GRC" stands for "Governance, Risk, and Compliance" and has become a growth speciality for consultants as more and more regulations are enacted--for example SOX (Sarbanes-Oxley) and Dodd-Frank legislation. It seems that corporations are willing to pay big money to consulting firms to avoid trouble.
This particular article focused on these growing needs of financial institutions:
- understanding the new risk management requirements
- meeting their required debt-to-equity ratios and other capitalization requirements
- having enough cash-on-hand to meet liquidity requirements
- limiting the amount of money owed to any one entity
- being able to meet requirements that might exist in unusually adverse conditions
- establishing internal controls to flag potential problems early on
These appear to be common-sense, pro-active goals, and are appropriate remedies for avoiding another banking crisis.
GRC consultants also cast a wide net to unearth future problems, or to satisfy Boards of Directors that their corporations are aggressively pursuing any potential wrong-doing. I was surprised to learn today that the community college where I teach has hired a GRC consultant to gather information of this type. My employer has a contract with The Network, Inc., to provide, according to their brochure, "Integrity in Action," the opportunity for employees to report on other employees. This is a 24/7 online or phone system by which employees can anonymously report any perceived wrong-doing (rule-breaking, unethical behavior, or illegal behavior) by other employees. Then they can go back online and track the investigation that follows.
I can imagine that, at best, this system would allow an underling to report hard-to-detect misstatements of accounts or requests to perform actions which are not part of company policy. On the other hand, I can imagine that a vindictive co-worker could impulsively make a complaint that could unfairly injure someone's career. Since the actions are outsourced, the privacy issues surrounding the investigation seem non-existent. And the rights of criminals to face their accusers seems to be eliminated within the bounds of corporate culture.
- Have you ever heard of GRC consulting? What factors would cause this type of consulting work to expand? What factors would cause this type of consulting to be less in demand?
- What do you think about the reporting system described in "integrity in Action"? What kinds of normal daily activities in your workplace could be misinterpreted by a third party? What are the plusses and minuses of a system of reporting like this?
- Could TNI be gathering TMI?