The distributed and dynamic nature of business makes ethics and compliance a challenge. How does an organization validate it is current with legal, regulatory, and other obligations within an ever-changing business environment? Global compliance in the context of a complex and dynamic business environment is particularly challenging as organizations face broadening anti-corruption laws and regulations. Ultimately, the best offense is a good defense.

Effective governance, risk management, and compliance (GRC) delivers the ability to meet requirements, achieve human and financial efficiency, and meet the demands of a dynamic business environment that requires agility. It eliminates silos of risk and compliance that emerge from parts of the organization that have historically worked independently of each other.

Most organizations fail to manage the lifecycle of policy, resulting in policies that are out-of-date, ineffective, and not aligned to business needs. It opens the doors of liability, as an organization may be held accountable for policy in place that is not appropriate or properly enforced. Organizations require a consistent process to develop, communicate, monitor, and maintain corporate policy and procedures.

Organizations today face unimaginable challenges as they do business in an increasingly complex global marketplace. They need to step back, get a good look at the challenges and develop an integrated approach to ensuring effective governance, managing risks, and optimizing performance while addressing compliance requirements throughout the enterprise. The result: what OCEG calls Principled Performance®.

No company is an island unto itself: Organizations are a complex and diverse system of processes and business relationships. Risk and compliance challenges do not stop at traditional organizational boundaries. Organizations today struggle to identify, manage, and control governance, risk management and compliance (GRC) across extended business relationships.

While GRC is ultimately about collaboration and communication between business roles and processes, technology provides the backbone that enables GRC. To describe this technology, Corproate Integrity has defined the GRC Reference Architecture2 (this is closely aligned to the second version of the Open Compliance & Ethics Group (OCEG) GRC Technology Blueprint).

The mismanagement of policies has grown exponentially within organizations with the proliferation of collaboration and document sharing software such as Microsoft SharePoint. These solutions to their credit as well as downfall enable anyone to post a policy. Organizations end up with policies scattered on dozens of different internal Web sites and file shares, with no defined audit trails or accountability for them.

Investigations, done right, minimize or control loss, uncover systemic issues, identify risk areas, and provide information that drive continuous improvement initiatives. As a result, investigations are a critical cornerstone to governance, risk management, and compliance (GRC) efforts in the ability to find and resolve issues to reduce exposure and contain loss to the organization.

The Payment Card Industry Data Security Standard (PCI DSS), developed by the Payment Card Industry Security Standards Council, which consists of vendors such as VISA, Master Card, American Express, Discover and JCB, provides payment card data protection requirements for organizations that process card payments.

Organizations face a complex environment of risk, internally and externally. Geopolitical, financial/treasury, economic, operational, legal, and regulatory environments produce compound risks for organizations to manage. Many organizations are learning that these risks often interrelate to create a much larger risk environment than each independent silo is aware of.

The old paradigm of regulatory change management is clearly a recipe for disaster given the volume, pace of change and the broader operational impact of today's laws and regulations. Just as the CFO needs a financial system or the sales department needs CRM, legal and compliance need regulatory intelligence.

Business today requires agility and efficiency to stay competitive. Organizations must respond rapidly to changing conditions, while managing financial and human capital costs.