"Integrity in Action"? What do GRC consultants do?



Intro To Business


Recent Posts


About the Author

Teri Bernstein, MBA, CPA has been teaching full time in the Business Department of Santa Monica College since 1985.  Prior to that, she worked in Internal Audit and Special Financial Projects for the 1984 Los Angeles Olympics, CBS, Inc., and Coopers & Lybrand (which is now part of PricewaterhouseCoopers).  She attended the University of Michigan and Wayne State University.

image from grc-pink.com

Deborah Bailey and Edward Hida, professionals from Deloitte & Touche LLP, wrote in Corporate Compliance Insights about the six "GRC" priorities for financial companies this year. "GRC" stands for "Governance, Risk, and Compliance" and has become a growth speciality for consultants as more and more regulations are enacted--for example SOX (Sarbanes-Oxley) and Dodd-Frank legislation.  It seems that corporations are willing to pay big money to consulting firms to avoid trouble.

This particular article focused on these growing needs of financial institutions:

  • understanding the new risk management requirements
  • meeting their required debt-to-equity ratios and other capitalization requirements
  • having enough cash-on-hand to meet liquidity requirements
  • limiting the amount of money owed to any one entity
  • being able to meet requirements that might exist in unusually adverse conditions
  • establishing internal controls to flag potential problems early on

These appear to be common-sense, pro-active goals, and are appropriate remedies for avoiding another banking crisis.

GRC consultants also cast a wide net to unearth future problems, or to satisfy Boards of Directors that their corporations are aggressively pursuing any potential wrong-doing.  I was surprised to learn today that the community college where I teach has hired a GRC consultant to gather information of this type. My employer has a contract with The Network, Inc., to provide, according to their brochure, "Integrity in Action," the opportunity for employees to report on other employees. This is a 24/7 online or phone system by which employees can anonymously report any perceived wrong-doing (rule-breaking, unethical behavior, or illegal behavior) by other employees.  Then they can go back online and track the investigation that follows. 

I can imagine that, at best, this system would allow an underling to report hard-to-detect misstatements of accounts or requests to perform actions which are not part of company policy.  On the other hand, I can imagine that a vindictive co-worker could impulsively make a complaint that could unfairly injure someone's career.   Since the actions are outsourced, the privacy issues surrounding the investigation seem non-existent.  And the rights of criminals to face their accusers seems to be eliminated within the bounds of corporate culture. 

Follow up:

  • Have you ever heard of GRC consulting? What factors would cause this type of consulting work to expand?  What factors would cause this type of consulting to be less in demand?
  • What do you think about the reporting system described in "integrity in Action"? What kinds of normal daily activities in your workplace could be misinterpreted by a third party?  What are the plusses and minuses of a system of reporting like this?
  • Could TNI be gathering TMI


You must login to your account to comment. If you do not have an account, please register to enjoy the full benefits of the site!