Chapter 2

Importance of Governance, Risk, and Compliance Principles

Enterprise organizations and corporations, in particular, have faced governance issues since their earliest days. Someone or some group was in charge and took a lead in setting the rules for employees and other stakeholders to follow. While this worked with smaller single proprietorships or in the tightly centralized corporations of eras past, today's larger and often multiunit enterprises need broad-based units or functions for setting rules and procedures—they need efficient and effective governance processes.

Life would be easier for those same enterprises if they just had to rely on a central leadership to set those governance rules. However, enterprises today of any location or size are faced with ever-increasing sets of rules and procedures, ranging from local police and public safety ordinances to national and sometimes international laws and on to broad professional rules and standards. On a whole series of levels, an enterprise must comply with these laws and regulations. Failure to do so can result in a variety of penalties, and an enterprise needs processes to ensure that it is operating in compliance with the appropriate laws and regulations.

An enterprise always faces risks that it will be found in violation of one or another of these multiple laws and regulations. There are also risks that its own established governance rules will not achieve their desired results or that it may face some outside ...
