Written by Lane Leskela     Posted on November 13, 2008

Lane Leskela, PCM, MIA, is the Vice President of Technology Programs at The Open Compliance & Ethics Group (OCEG). Lane is responsible for managing OCEG’s Technology Council Programs, including the GRC Blueprint®, GRC Roadmap®, and GRC-XML® Provisional Jurisdiction of XBRL International. OCEG is a 15,000-member global nonprofit focused on guidance, standards, benchmarks, and tools for integrating governance, risk, and compliance (GRC) processes.

The current economic environment is crying out for sustainable technology standards at the core of information governance. Profound losses in the financial markets were the result of weak governance, failing risk management, and little regard for the consequences. The time has come for the methods needed to identify and manage risks, ensure oversight, and enforce corporate policies and procedures to exploit XBRL. In this extremely challenging economic climate, OCEG foresees increased demand to leverage the expanding taxonomy for financial reporting purposes to meeting the challenges of operational risk and compliance management as part of the natural evolution of XBRL.

OCEG sees the inevitable combination of people skills, business practices, and information technology necessary to improve governance, risk, and compliance management, not as ends in themselves, but as serving the organizational necessity of Principled Performance®. Principled Performance centers on bringing the mandated requirements (regulatory, legal, and contractual) for an organization’s operations together with the voluntary commitments (business practices, customer expectations, service levels) that help focus the organization on internally and externally directed improvement.

The complete portfolio of processes directly related to GRC include organizational and IT governance, business strategy, all levels of risk management, quality management, financial and IT audit, legal obligations, security, compliance monitoring and reporting, social responsibility, and ethical culture. Synchronized planning and communication between multiple business departments, decision-makers, business partners, suppliers, and customers is the key to successfully leveraging GRC across an extended enterprise of any size and shape.

To this end, diverse organizations with broad international experience and constituents are building the basic definitions and structure that will comprise a comprehensive taxonomy for GRC XBRL. Critical work on aspects of the emerging taxonomy and messaging standards for GRC have been undertaken by organizations that include the Fujitsu Research Institute, AIIM’s StratML Work Group, and the International Standards of Accounting and Reporting (ISAR) group of the United Nations’s Council on Trade and Development (UNCTAD).  Moreover, OCEG’s GRC-XML Work Group is now the Provisional Jurisdiction for this area in XBRL International.

Along with bringing together the major contributors to the emerging XBRL taxonomy for GRC, OCEG envisions stewardship for this new GRC-XML Jurisdiction over five defining domains:

1.    Common Financial and Operational Risk Controls
2.    Corporate Social Responsibility and Transparency Metrics
3.    Issue and Incident Management Taxonomy
4.    Performance Management Reporting
5.    Corporate Policy and Organizational Strategy Taxonomy

The construction of XBRL standards in each domain will address information standards based on Authorities with respect to:

1.    Policies and processes modeling regulatory authority guidelines for laws, rules, and regulations
2.    References and translation procedures based on authority documents
3.    Object definitions, elements, and specifications derived from authority documents
4.    Metrics that define standardized process performance and risk indicators

As painful as the current economic environment is for most businesses and markets, the opportunity for a deeper commitment to developing GRC components for XBRL has emerged. Over the next few years, as business performance improves and economic value ultimately rises, long-term efficiencies will be supported by a more coordinated set of information standards that inherently integrate risk and compliance processes. Advancing compliance and risk management capability across markets and industries is a deeply important and global role that is now assigned to XBRL.

Add to Del.icio.us | Digg this

This entry was posted on Thursday, November 13th, 2008 at 9:37 am and is filed under General, . You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.