A Unified Approach to Governance, Risk, and Compliance

Article Published by REALCOMM ADVISORY

"Risk is inevitable within all business environments. Indeed, it can be said that taking risks and managing risks play a key role in how organizations create profits and value. This is especially true in the business of real-estate management, where risk exists at multiple levels. There are all kinds of risks associated with being an employer and with running a business, as well as risks associated with the properties being managed and those who live, work, shop, and do business there." From "Four Strategic Issues: Transforming Real Estate Management," published by the Institute of Real Estate Management in 2006.

A comprehensive risk mitigation approach must identify and evaluate potential risks to the business, determine how to mitigate exposure, and manage those risks in the most efficient and effective way possible. Integrated business solutions for real estate that combine governance, risk, and compliance provide your business with a strategic weapon to protect your brand and reputation, control uncertainty, optimize opportunity, and free resources for innovation and growth.  


Let us explore the components of a comprehensive governance, risk, and compliance (GRC) solution.

Governance - Governance manages the strategic directives a company wants to follow. The key risk indicators involved in governance enable you to monitor the overall risks to the portfolio and to alert management immediately when high-impact and high-probability risks exceed company-specific thresholds. All of these activities are monitored through executive-level dashboards and reports that provide you with visibility and key risk metrics.

Risk - Risk management is associated with areas of exposure and potential impacts. Historically, risk management has been a highly manual and tedious process for organizations. Business solutions that utilize automated tools are now available and can be implemented to replace these manual processes, thus allowing risks to be identified earlier as part of the standard business process. For example, the lack of transparency into lease agreement expiration dates can lead to risks affecting the revenue stream and can consequently put owners in compromising situations.

Early identification of risk can give businesses more information up front, leading to better decision-making. This relieves the organization of burdensome manual processes and allows businesses to manage risks on an exception basis instead of in a reactive mode. Adopting these measures will minimize exposure to unnecessary disputes. Therefore, risk identification and management become an inherent part of standard business processes.

Compliance - Compliance is the tactical action taken to mitigate risk. Areas of exposure require proactive identification, analysis, and monitoring to forecast and respond to potential threats. Compliance incorporates automated controls to ensure appropriate user access and authorization as well as monitoring of business processes to promote desired behaviors and maximize results.

Having automated controls in place - and having risk identification as part of business processes - makes compliance a natural by-product of daily business. Compliance helps assure executive management that the necessary controls are in place and the regulatory processes are being adhered to by the organization.

There is a general uncertainty about the meaning and scope of the disciplines involved with GRC. Management may not recognize that these disciplines are both linked and interdependent. For example, while leasing organizations strive to achieve revenue targets (a governance activity), an internal audit committee may be in the process of recommending a credit risk application (a risk management activity), and the CFO's department may be busy implementing an internal controls solution to better address mandates of the Sarbanes-Oxley Act (a compliance activity). Without integrated GRC, the leasing organization may reach its target without any consideration of credit risk and without understanding and adhering to revenue recognition policies. As this example illustrates, the interdependencies of the three disciplines demand an integrated approach to GRC.

A recent article in the May 8, 2006 issue of The Wall Street Journal states that there are share price premiums for those companies that manage with confidence. The relationship between price premiums and GRC practices is exemplified by the following.

Companies with:

• No internal-control violations in 2004 and 2005 enjoyed a share price increase of 27.7%.
• Internal-control violations in 2004 that were fixed in 2005 enjoyed a share price increase of 25.7%.
• Ongoing internal-control violations in 2004 and 2005 suffered a share price decrease of 5.7%.

Fragmented GRC activities may be the status quo, but they are costing businesses more than people think. AMR Research reports that compliance spending will reach $27.3 billion in 2006. Approximately two-thirds of this amount is attributed to personnel costs because fragmented GRC efforts tend to result in "people-powered GRC" - inefficient, manual processes that are duplicated across multiple departments.

Lost opportunity may be an even more harmful result of a fragmented approach to managing GRC. Without a comprehensive and cohesive GRC strategy, businesses are deprived of a powerful tool for effectively navigating today's highly regulated business environment and a critical driver of revenue and competitive advantage.

Resources:

REALCOMM Advisory: TOPIC GRC, Vol. 5 No. 39, 9.27.2006 www.realcomm.com
Computerized Facilities Integration LLC: www.gocfi.com

 

© Copyright 2002 Computerized Facility Integration, L.L.C. (CFI) | 248-557-4234