Wednesday, June 1, 2011

The GRC Approach - for Small Internal Audit Departments

Governance, Risk and Compliance (Part 2)

First identify all of the functions and/or groups that interact with the area subject to assessment. Then, through interviews and evaluation, determine the following:
  • Governance: the goal, mission and objective of the program.
  • Risk: the risks that are being managed by each of the functions and groups involved.
  • Compliance: the rules, regulations, internal policies, and operating procedures that influence the operating activities. In this space it is also necessary to identify all of the tools, people, and resources available in support of the compliance efforts.
Once these are determined, you can assess whether the various functions are aligned with the Governance mission and objective, determine whether they are operating against a common set of Risk factors, and evaluate whether the Compliance efforts are operating cohesively across all groups and whether resources are being deployed to effectively address each of the compliance requirements.

This evaluation is then used as the springboard for developing a high-level summary of the cohesiveness of the company’s GRC activities across the multiple disciplines subject to review.


This post was contributed by Brad Zolkoske. Brad is the Director of Internal Audit at International Coal Group. He is responsible for the design, development, coordination and communication of auditing services throughout the company. Brad’s number one goal at International Coal is to establish a professional internal audit function that actively supports the company’s growth and culture initiatives.

During the course of his 20-year internal audit career Brad has worked in internal audit management for several publicly traded manufacturing companies. He is an expert at getting exceptional performance out of small audit departments. Brad can be contacted through this blog or through his LinkedIn profile.