Blue Hill’s study found that the benefits resulting from GRC [governance, risk management, and compliance] implementation [using platforms like CGR Foundation] range between 25% and 30% in time saved in compliance and risk activities, increased visibility into changing activities and reporting, and reduced risk exposure.

— Houlihan, D. (2015). GRC Vendor Implementation Success Strategies. Blue Hill Research.

Types of Risk

  • Strategic
  • Financial
  • Operational
  • Compliance

Risk, Control and Assurance Continuum

  • Identification
  • Quantification
  • Prioritisation
  • Design
  • Implementation
  • Management
  • Validation
  • Assurance

Lines of Defence

1. People, Processes, Systems and Controls
2. Board, RM Committee/Function, Compliance Function
3. Internal Audit
4. Independent Assurance (External Audit)