GRC Capability model
The GRC Capability model contains 8 integrated components, each embodying a number of related Practices:
- C. Context
Understand the current culture and business context so that the organisation can address, and proactively influence, conditions to support objectives.
- O. Organise
Organise and oversee an integrated capability that enables the organisation to reliably achieve objectives, while addressing uncertainty and acting with integrity.
- A. Assess
Identify threats, opportunities and requirements; assess the level of risk, reward and conformance; and align an approach to reliably achieve objectives, while addressing uncertainty and acting with integrity.
- P. Proact
Incent desirable conditions and events; and prevent undesirable conditions and events with management actions and control;
P1-Proactive Actions and Controls
P2-Codes of Conduct
- D. Detect
Detect ongoing progress toward objectives as well as actual and potential undesirable conditions and events using management actions and controls;
D1-Detective Actions and Controls
- R. Respond
Respond to desirable conditions and events with rewards; and correct undesirable conditions and events so that the organisation recovers from and resolves each immediate issue and improves future performance;
R1-Responsive Action and Controls
R3-3rd Party Investigation
- M. Measure
Monitor, measure and modify the GRC capability on a periodic and ongoing basis to ensure it contributes to business objectives, while being effective, efficient and responsive to the changing environment.
- I. Interact
Capture, document and manage GRC information so that it efficiently and accurately flows up, down and across the extended enterprise, and to external stakeholders.
ensuring 8 Universal Outcomes:
- Achieve Business Objectives:
Every GRC capability must contribute to attaining the desired business objectives;
- Enhance Organisational Culture:
Inspire and promote a culture of performance, accountability, integrity, trust and communication;
- Increase Stakeholder Confidence:
Increase stakeholder confidence and trust in the organisation;
- Prepare and Protect the Organisation:
Prepare the organisation to address risks and requirements; and protect the organisation from negative consequences of adverse events, noncompliance and unethical behaviour.
- Prevent, Detect and Reduce Adversity:
Discourage, prevent and provide consequences of misconduct; reduce the tangible and intangible damage caused by adverse events, noncompliance and unethical behaviour and the likelihood of similar events happening in the future;
- Motivate and Inspire Desired Conduct:
Provide incentives and awards for desirable conduct, especially in the face of challenging circumstances;
- Improve Responsiveness & Efficiency:
Continuously improve the responsiveness (timeliness and agility) and efficiency (speed and quality) of all GRC Capabilities activities while improving effectiveness (ability to meet objectives and requirements)
- Optimise Economic & Social Value:
Optimise the allocation of human and financial capital to GRC capability activities to maximise the value generated, benefitting the organisation and the society in which it operates.