This fragmented, reactive approach has several serious problems:
For these reasons and others, it is crucial for executive management to bring order to GRC activities across the enterprise—that is, across all GRC mandates, all business functions, all business units, all underlying IT infrastructure, and all geographies.When pharmaceutical companies are dealing with multiple mandates, three basic requirements must be fulfilled to develop a coherent approach to GRC across the enterprise:
Chief compliance officers (CCOs) often step forward to take on the responsibility of developing this coherent approach to GRC. Although corporate integrity agreements are sometimes the impetus for these initiatives, CCOs often struggle to find a starting point to building a comprehensive GRC program. Each of these basic elements must balance the specificity necessary to ensure that each individual GRC objective is fulfilled with the flexibility necessary to ensure applicability to any and all GRC objectives across and beyond the walls of the enterprise.
The cost of chaos
It's hard to blame anyone for the current fragmented state of enterprise GRC efforts. Corporate executives had no way to anticipate the scale of today's GRC workloads, the complexity of individual GRC mandates, or the pace at which GRC requirements would continue to change. In addition, new requirements have blindsided organizations, leaving them no time to step back and develop a holistic strategy for addressing all of their present and future GRC challenges.
Every executive, however, is now aware of how big a burden GRC has become. They are aware that GRC burdens are not going to get any lighter and might get a whole lot worse. They're also well aware that their organizations' approaches to GRC are unacceptably fragmented. This fragmentation across the enterprise has serious consequences, the most troubling of which are described below.
Significantly higher GRC costs. When corporate GRC efforts are fragmented, expenditures of time and money are constantly duplicated. Project teams must work through problems that others may already have solved. New systems are put in place when existing systems could readily be used across multiple mandates. Productivity is lost because employees get pulled away from their jobs multiple times for training, instead of just once. All of these inefficiencies divert financial and human resources that could bring much greater returns if they could be allocated elsewhere.