ERM and GRC Principles Going Forward
The concept of Committee of Sponsoring Organizations Enterprise Risk Management (COSO ERM) and governance, risk, and compliance (GRC) principles has very much changed since the first edition of this COSO ERM book was published in 2007. As we have highlighted in earlier chapters, COSO ERM was originally incorrectly viewed by some as an improved version of the COSO internal controls framework while others assumed that anything to do with risks and risk management was addressed to some form of insurance department function.
Much has changed over recent years. In today's highly regulated environments, enterprises are increasingly pressured by governance, risk, and compliance concerns while at the same time they have strong needs to drive their business performance and predictability, and to enhance stakeholder confidence. In addition, managing GRC processes is often challenged by the typical enterprise's highly fragmented business processes and systems that compound the cost of managing risk and compliance. Underlying these GRC management issues, an enterprise must coordinate and manage a wide range of manual and information technology (IT) infrastructure processes that directly supports the tools and systems in a GRC business environment.
This final chapter summarizes some of the current trends and issues that will continue to make GRC increasingly important. In particular, we will review some of the areas that several professional ...