Follow LogicManager

Subscribe via Email

Your email:

5 minute Videos

Top-down strategic or bottom-up governance approach, watch the video that represents the priority for your ERM program.

Stream_btn

Strategic_btn

Or if you are just getting started, understand what is involved and how to define an ERM framework.

Getting_btn


Solution Overview

Download_btn_orange

Understand the benefits of LogicManager’s ERM SaaS platform and how we support your organization’s challenges

Latest Posts

Browse by Tag

Best Blog Badge

Manage Tomorrow's Surprises Today

Current Articles | RSS Feed RSS Feed

ERM vs GRC? SEC Says No to Myopic Approach: Costly Example from Goldman Sachs

Posted by Steven Minsky on Mon, Apr 19, 2010 @ 07:45 AM
  
  
  
  

View all posts | View current post

What is the difference between ERM and GRC? Look no further than Friday's news headline Fraud charge deals big blow to Goldman's image. In a statement, Goldman called the commission's accusations "completely unfounded".

A GRC approach does little to protect the organization’s brand reputation, prevent litigation or protect intellectual property infringement. Witness Goldman Sachs. Goldman has adamantly denied the SEC's allegation by claiming their technical “compliance”, but in the investor and customer community, their failure to address reputation risk has resulted in a share price drop of 13 percent and more than a $10 billion drop in the company's market value.

In my post SEC Proposes Accountability for ERM, I detailed the new regulation anticipated from the SEC requiring in–depth risk disclosures from examining the activity level where performance incentives may affect the company's risk profile. That regulation went into effect on February 28, 2010. Many firms still take a “wait and see” attitude. Many unfortunately believe that continuing business as usual by filing the required compliance documentation that their firms are protected. The investments they made in GRC systems that just automate the compiling this documentation have done little to address the root cause of risk and protect their company's interests.

Increasingly boards are asking the question, What measures do we have in place to collect information on our reputation risk? What is the business measurement for compliance activity that connects to EBITA?

How would ERM have made a difference? In addition to the compliance aspects of the transaction, ERM would have taken the impact of reputational risk as well as the cost of litigation and adjusted these with the expected profit of the transaction. ERM would also have identified the conflict of interest of the vendor partner and suggested a disclosure to cover the risk as is now required under the SEC regulation. In summary, ERM would have brought a holistic picture of all sides of this transaction in terms of risk, performance and compliance which would have made clear that the return on investment in risk adjusted terms would have been negative and the activity would not have been pursued. To baseline your organization’s risk management capabilities, do a free assessment from the Risk and Insurance Management Society.

Organizations that pursue an ERM approach rather than a GRC approach to compliance look at corporate strategic imperatives and how compliance efforts contribute in “readiness” to maximize their contribution. The General Counsel and their teams that lead compliance efforts with an ERM value protection approach instead of a GRC “form over substance approach” take a broader view to compliance and risks and better protect their organizations. Goldman Sachs is just one of many examples.
Tags: ,

Comments

Currently, there are no comments. Be the first to post one!
Post Comment
Name
 *
Email
 *
Website (optional)
Comment
 *

Allowed tags: <a> link, <b> bold, <i> italics