The Perils of Pruning GRC Programs
January 5, 2009
My, how times have changed.
In an article in The Wall Street Journal today (“Keeping the Watchdogs Busy”) former SEC chairman Harvey Pitt issues a warning to budget-minded executives keen on trimming GRC staffs:
“There is a mistaken impression on the part of some senior officers that compliance personnel and others in related support activities may not be either essential or contributors to bottom-line profitability,” Pitt says. “Some firms may conclude that it is more important to figure out how to turn a profit than it is to ensure how their employees continue to provide phenomenal service to customers in very difficult and trying times.”
Other sources suggest that new investments in GRC – even those designed to deliver greater efficiency and effectiveness – are less likely to occur right now, unless new regulations create a highly specific need for such investments.
Although the article focuses on the financial services industry, it contains a message for companies in all industries. The article cites the heads of the Financial Industry Regulatory Authority and the SEC giving notice about the perils of slashing GRC budgets. In other words, the regulators are watching. (Unlike, perhaps, eight years ago, when newly elected SEC chairman Pitt was featured in a CFO Magazine cover article for “calling off the watchdogs” hampering U.S. businesses at the time.)
Active GRC is a Must Have!
If anything, history has taught us it will repeat itself again and again.
According to a recent report by Kroll Consulting, corporate fraud is up 22% in 2008 over 2007. Moreover, companies lost an average of $8.2M over the past three years due to fraud. Clearly this is an indication of corporate fraud going up, not down. All the while, these same companies are reporting they are in "compliance" with the increased regulatory and enforcement policies such as the Sarbanes-Oxley Act, PCI-DSS, GLB-A and the Foreign Corrupt Practices Act.
Dating back to 1903, when President Roosevelt instructed his Attorney General, P.C. Knox, to dismantle the "great trusts" including Standard Oil, Northern Trust and JPMorgan (who is in trouble again), you must ask yourself what drives business executives? My opinion is it is greed, not the well-being of their employees nor investors. If executives focused on corporate well-being as opposed to lining their pockets, those same companies would have an almost bulletproof GRC strategy and be advertising it to the global investment community.
For those who do not remember history in college, it happened in the 80's with the Savings and Loan scandals, in the 90's with the Dot Com-Bomb, the early 2000's with Enron, MCI, Health South, etc... and we are living it again. We are in another economic crisis due to greed. As long as humans manage businesses and the oversight boards (like the SEC, FFIEC, etc.) are looking the other way, we are doomed to fail again and again, mostly due to the greed of individuals.
Regardless of how much President-Elect Obama infuses into the economy via his proposed tax cut, details to be released later this week but estimated by the Wall Street Journal today to be over $300B+, we will find ourselves in exactly the same predicament we are in today in a few years. This is unless we force public (and private) corporations to adhere to the standards already being imposed. These compliance requirements are regulated by the Federal Government in some form or another, and they all have specific and actionable events companies can follow to ensure the compliance activity is being followed. Moreover, these same compliance policies - if adopted through the advancement of technical solutions - have the ability to report to "the street" in real time what a corporation's compliance is on a specific regulation and/or series of regulations. So if I as an executive actually adopt standards as a way to run my business and I automate my GRC strategy to include, say, Sarbanes-Oxley reporting, with my Payment Card Industry (PCI) reporting alongside my Gramm-Leach-Bliley requirements (as an example), I can actually save corporate cash by not having to have three different audits to report on the same data.
To say it is "too expensive to manage to GRC requirements" is like saying "it's too hard to breathe in the Rocky Mountains," therefore no one should live there. GRC is not hard at all once executives make the commitment to their employees, investors and the public that they will comply with the standards that govern their industries for the well-being of everyone.
If any investor puts money into a company without first asking what that company's governance, risk and compliance strategy is, then they might be better served by just taking a trip to Vegas and putting it all on black.
Good Luck!
Jim Guinn, II
Executive Vice President
Partners Consulting, Inc.
Gambling vs. Investing
Hear, hear, Jim.
Thanks for your response, and well put!
I wish I'd written your final two and a half paragraphs:
"So if I as an executive actually adopt standards as a way to run my business and I automate my GRC strategy to include, say, Sarbanes-Oxley reporting, with my Payment Card Industry (PCI) reporting alongside my Gramm-Leach-Bliley requirements (as an example), I can actually save corporate cash by not having to have three different audits to report on the same data.
"To say it is "too expensive to manage to GRC requirements" is like saying "it's too hard to breathe in the Rocky Mountains," therefore no one should live there. GRC is not hard at all once executives make the commitment to their employees, investors and the public that they will comply with the standards that govern their industries for the well-being of everyone.
"If any investor puts money into a company without first asking what that company's governance, risk and compliance strategy is, then they might be better served by just taking a trip to Vegas and putting it all on black."
Please drop me an e-mail when you get a chance: ek@erickrell.com...