Governance is about setting the company’s strategy and controlling the organization. Governance, Risk and Compliance (GRC) constitutes a key component of the former. GRC refers to defining the playground within which an organization wants to operate in order to achieve its objectives. The borders of this playground are defined by an organization’s risk appetite, the regulatory landscape, the desired culture and behavior, as well as the policies and procedures defined by the organization. In addition, GRC aspires to ensure that actions taken by the organization or its representatives respect these borders that enclose its playground. This results in the entire organization being involved in GRC, starting from the board up to the 3 lines of defense, including business continuity, enterprise risk, compliance, internal control, HSE, internal audit, among others.
Although Family Owned Businesses (FOBs) don’t always have a very extensive or mature GRC framework in place, stakeholders do expect – from a corporate governance perspective – that the organization adopts a structured and professional approach towards GRC, including Business Resilience, Internal Audit, Internal Control and Enterprise Risk Management.
As a root cause, we see that FOBs are fully focused on running the business and often fear that GRC will limit their entrepreneurship; naturally, they also want to limit overhead costs as much as possible.
On the other hand, the disadvantages are that these companies often don’t have a good view of their global risk landscape, are not comfortable that gaps and overlaps in risk management activities are avoided, and cannot provide integrated risk insights to those charged with risk oversight and other key stakeholders.
Based on our experience, FOBs require a balanced approach towards Governance, Risk & Compliance that:
Risk as a Service is a flexible and tailored solution for FOBs of all sizes who want to pursue a cost-efficient and pragmatic, value-adding approach towards GRC. We help you to get the basics right, irrespective of the maturity or position of risk management activities in your organization, and contribute to implementing key activities and best practices of risk management, internal control, compliance, business resilience and internal audit development.
Our ‘Risk as a Service’ offering gives you access to our global network, expertise and best practices in GRC. It also lets you leverage our technology and empowers your organization to streamline risk management activities, while benefiting from KPMG’s wide and diverse range of areas of expertise.
We tailor our costing options to meet your needs and focus on a pragmatic, value-adding approach. You can flexibly request services as and when needed (i.e. for specific tasks, projects, processes) over the duration of the agreement. We can perform regular GRC activities within a set limit of hours for the agreed period, for example: quarterly inputs for the audit committee meeting.
A flexible and tailored solution for Family Owned Businesses who want a cost-efficient and pragmatic approach towards Governance, Risk & Compliance.
KPMG’s Risk as a Service offering covers the following topics: Enterprise Risk Management, Internal Control, Business Resilience, Project Risk Management, Internal Audit and Compliance.
This can include:
We offer assistance with small and large, basic or complex projects, including: