Académique Documents
Professionnel Documents
Culture Documents
Policy
Policy
Procedure
Training
Operational
Unit
Changing
business, risk,
and regulatory
environments
Operational
Unit
Contrl
Procedures
Operational
Unit
Board
Procedure
Policy
Policy
Operational
Unit
Training
Procedure
Policy
Line of
Business
Management
Contrl
Training
Employees
Policy
Training
Source: Wikipedia
Not
Effective
Not
Efficient
Not
Agile
10
Effective
Efficient
Agile
11
12
13
14
OPPORTUNITIES
BUSINESS MODEL
OPPORTUNITIES
OBJECTIVES
strategic, operational, customer,
process, compliance objectives
VOLUNTARY BOUNDARY
boundary defined by management including organizational
values, contractual obligations, voluntary policies and other
promises.
15
G-R-C Definitions
Governance is the act of
16
17
Enterprise
Focus on an
Issue
Department
GRC
Initiative
Specific
Issue
18
19
20
21
Aspects of GRC maturity from the IRM Risk Culture Aspects Model
22
23
Questions?
Michael Rasmussen, J.D.
Chief GRC Pundit & OCEG Fellow
mkras@grc2020.com
+1.888.365.4560
Some of the content we have evaluated is OCEG content which GRC 20/20 has an established relationship to use. Please do not copy
slides or graphics without permission. GRC 20/20 highly recommends you consider OCEG membership at www.OCEG.org.