Unit 1 / Section 3 - The GRC Context Flashcards
What does the Open Compliance and Ethics Group’s (OCEG) definition of GRC argue?
That GRC adds value by helping firms to understand the real-life problems that can inhibit their achievement of optimised value.
GRC means all the processes within a firm that must function together effectively to ensure…
Maximised sustainable, agile, long-term, compliant and responsible performance.
How can “Risk Culture” be defined?
By the system of values and behaviours, collectively called the culture, which affects the firm’s risk decisions.
In practical terms, employees need to understand firm-wide risk exposures. The risk culture is created by risk management training, risk assessment and guidance about decision-making. It involves risk policies as well as risk statements and procedures.
How is “Compliance Culture” defined?
The overall environment that affects how compliance issues are handled.
In a strong compliance culture, employees follow the right processes and perform the right controls, even without oversight. In practical terms, it refers to how effective a firm is in meeting compliance regulations and deterring and detecting compliance problems.
How is “Governance Culture” defined?
The attitudes and actions that lead to the building of a strong and competitive firm that enhances shareholder value.
It involves the strategic direction of a firm, and how this strategy is embedded into business practices and leadership capabilities at every level.
What 3 regulatory objectives does enforcement action taken by any regulator help to demonstrate?
That they:
1) Protect consumers
2) Drive stability and therefore confidence in the markets
3) Promote market integrity
What are the 3 GRC cultural elements?
Risk Culture - affects risk decisions
Compliance Culture - affects how issues are handled
Governance Culture - attitudes and actions affecting strategy