In developing a Business Finance magazine article on GRC leading practices culled from our growing GRC Maturity database, I’ve been checking the data-driven insights against field experience.

You can conduct this sort of comparison by talking to seasoned GRC executives and by reviewing the growing body of GRC case studies and guidance.

The exercise has helped me stumble upon more than a couple of “GRC secrets” – valuable practices that are either nestled deep in GRC content or remain (mostly) locked in the minds of GRC practitioners.

I’ll share one of these nuggets below, and I also want to hear about any GRC secrets my talented, friendly, and communicative readers might have.

Here’s one key ingredient of GRC success: Risk committees are pivotal.

The bulk of published case studies emphasize the importance of establishing a steady, two-way flow of risk and compliance information between the board of directors and the organization.

Risk committees – cross-functional groups of operational and functional managers – serve as a veritable GRC pump station that enables this informational flow.

Risk committees transmit qualitative GRC information from the trenches up to senior management and the board and also translate strategic GRC guidance and directives from the board and senior team to the operational and functional employees so that they can more effectively integrate GRC activities into their daily processes.

Pass it along … ###