Why Manage Governance, Risk ,and Compliance in Silos?

An enterprise approach to risk management should be comprehensive enough to incorporate governance and compliance

The past three years should have taught us the importance of well-defined and consistently enforced governance, risk, and compliance policies. However, most firms still seem to manage these functions over many overlapping and related functions such as audit, finance, treasury (or risk management), and legal with each department being managed in a silo and reporting up to a different member of senior management.

An enterprise approach to risk management should be comprehensive enough to incorporate governance and compliance.  Sources of risk to be identified, mitigated, and managed should include threats to effective governance and compliance as both if done incompetently can have meaningful impact of the financial results if not the very existence of a corporation.

The premise of an enterprise approach is that its value lies in understanding the interdependencies of all factors affecting the relevant enterprise. Failures to identify all factors that can “move the needle” hinder the efficiency of an enterprise approach that often requires a significant amount of capital investment in terms of people and technology.

It is my contention that governance, risk, and compliance should be managed via a comprehensive enterprise approach. An existing ERM program is the ideal vehicle to which to make this happen. I believe this approach will prove valuable in many levels including if and when the ratings agencies focus on ERM programs.