6.1. Organizing for Risk

Let's acknowledge that there is no one correct answer for a perfect risk-governance structure. What works for one company may not make sense for another. However, assuming the existence of appropriate resources and scale, a good, and perhaps even innovative, structure involves creating a real or virtual governance, risk, and compliance (GRC) team. This team's basic function is to look out over the whole organization to assess its risk management activities from both an operational and strategic point of view, within the context of enterprise risk management.

This team may include the disciplines of compliance, internal audit, financial controls (the group responsible for managing a company's SOX annual assessment), governance, ...
