TMCnet News

Five Leading Companies Win GRC Achievement Awards for Improvements in Risk Management and Compliance
[May 25, 2011]

WASHINGTON --(Business Wire)--

OCEG is pleased to announce five winners of the 2011 OCEG GRC Achievement Awards, each of which has made great strides in integrating governance, risk management and compliance (GRC) to achieve principled performance.

"Each winning project showed real maturity in moving to integration across and between areas of risk management and compliance, driving risk-aware decision making and supporting business performance," said Melissa Lentz, the Executive Director of OCEG's affiliate organization, GRC Certify, as she presented the winners to the 500-plus-member audience at the Compliance Week 2011 conference last night. She continued, noting, "in each case a higher level of maturity is evident in the cross-functional integration of risk management and compliance information supported by sophisticated use of technology - a clear indication that these are critical ways to gain the transparency and control that is needed in complex organizations today to drive business performance."

"These winners not only benefit from implementation of their projects, but they also can now identify and quantify the benefits to risk and compliance management, which is a substantial contribution to driving the business case for GRC in the market today, something OCEG wants to recognize and reward," said OCEG President Carole Switzer.

Based on a vote by attendees at the Compliance Week 2011 conference who viewed presentations about each of the winning projects, Constellation Energy also has been awarded the Peer Choice Prize for its comprehensive risk management improvement project.

Upon hearing about the Peer Choice award, MetricStream CEO Shellye Archambeau said, "Constellation Energy undertook an ambitious project to establish a common GRC framework enabling each business and functional area to manage its own risks while facilitating risk aggregation, effectiveness of controls, monitoring, and management reporting. We are very pleased that MetricStream has been able to support this process with our GRC platform, and I'd like to extend my personal congratulations to Constellation Energy for the recognition they have received."

Presentations on each of the winning projects are available at http://www.oceg.org/about/2011-grc-achievement-awards. Summaries of each of the winning projects follow below.



Peer Choice Prize Winner Constellation Energy

Constellation Energy, one of the largest energy companies in the United States, undertook to establish a strategic risk management approach by following the OCEG GRC Capability Model to establish a common framework enabling each business and functional area to manage its own risks within a common supporting technology. Constellation created an integrated risk steering committee and GRC working group to build a common framework with a simple, repeatable Risk Control Self-Assessment process and common taxonomy. In addition to the clear benefits of reduced duplication of efforts and greater reliability of information, Constellation states that it has seen a 15% savings in human capital hours for compliance reporting and annual risk management and compliance system savings of more than $300,000.


Adecco Group

Switzerland-based Adecco Group, the world's leading provider of HR solutions, created an integrated GRC program and portal that allowed it to realize efficiencies by standardizing a risk/control methodology across all worldwide operations - leading to increased visibility of risks, controls and compliance status, and thus better risk management reporting and more effective corrective action. Among the many benefits noted, executive reporting on compliance status and control and audit findings remediation is now completed in less than 30 minutes per quarter, creating efficiency, improving visibility and facilitating decision making.

Humana

Humana, one of the largest publicly traded health and supplemental benefits companies in the United States, established a GRC program with an internal process and policies framework, and a user-friendly portal that addresses all aspects of the OCEG GRC Capability Model. The project addressed risk management across the entity and involved all key roles - audit, compliance, ethics, information security, and business leaders - working together to develop an enterprise-wide taxonomy, terminology and methodology for risk ranking and a system for issue management. Today, 18 months after implementation, over 50 Operational and Compliance Metrics are being followed, 436 Issues are being tracked from all core oversight groups, and 468 Open Business Improvement Action Plans are being tested to closure.

MISO

MISO, which supports the delivery of electricity in 13 U.S. states and the Canadian province of Manitoba, created a compliance model and platform to transition from document-driven to process-driven management and better enable a holistic view of requirements, processes, controls and records across compliance areas. Under the new structure, compliance policies and procedures are described consistently, controls can be reused to demonstrate compliance with various regulatory requirements, and MISO is able to capture evidence, facilitate random audit verification, support appropriate proof of documentation and identify gaps.

Visa

Winning a GRC Achievement Award for the second year in a row, Visa, the largest global payment network, implemented a Product Risk Assessment Framework to strengthen the understanding of risks when engaged in strategic planning for new products. Using the new assessment framework, participants in proposal risk assessments now have clarity on existing, known risks and mitigations and can better evaluate new initiatives while information is leveraged across multiple risk assessment processes, creating greater value for each risk assessment process.

OCEG is a nonprofit think tank that helps organizations achieve principled performance by enhancing corporate culture and integrating governance, risk management and compliance systems (GRC). OCEG provides open source GRC process and technology standards, educational resources and a global community of practice with more than 33,000 members.

