IMPLEMENTING A COMPREHENSIVE COMPLIANCE OR GRC SYSTEM
Governance, Risk & Compliance
GRC Programs SEEK:
INTEGRATE in a system the requirements derived from:
Corporate Governance, that is, the set of behaviors or standards of good governance. These are embodied in a “Code of Ethics” or “Code of Conduct” containing the company's values and principles, which generate its “philosophy” and its way of working, and which inspire its Administration and Management.
Mechanisms for detecting, preventing and correcting the risks of a company (business, normative and regulatory, financial, operational, reputational, HR, technological, information environment, etc.).
Risk analysis and management require detecting the risks of an activity, setting the accepted risk threshold, determining which risks apply, including their probability of occurrence and their impact on the company, and establishing a RISK MAP on which to base policies, measures, procedures and controls to reduce them.
Regulatory Compliance System or COMPLIANCE MANAGEMENT SYSTEM (CMS): the Compliance Management System is the specific organization and control system that is implemented in a specific company.