The closing session of the GRC Track brought together some of the speakers of today: John Haggerty of AMR and Gunther Reimoser of EY joined IDS CFO Jörg Vandreier in a panel discussion about today's GRC topics.
The audience challenged the experts with the first question how a organization can orchestrate different GRC initiatives. John explained that if you can foresee those upcoming initiatives you should bring them together from the start to use those synergies. But he said more than often this is not the case and companies have to knit together those topics afterwards with all obvious disadvantages.
The next question went to Jörg Vandreier: Who should "own" GRC in a company? Jörg clearly saw this task as one of the CFO, and commented his peer would see that the same. John elaborated further that after a first implementation reporting lines to the audit committee need to exist that will bypass a CFO.
After discussion of Risk Management realization at IDS and the roadmaps to step up in maturity levels the discussion went to the use of business processes in GRC. John reflected on the presentation E.On projects upfront and showed that he was impressed by what he had seen. He said that starting with the goal to be compliant when restructuring the business processes brings advantages of direct integration compared with most cases he had seen, where the compliance part was just piled up on what was already available in process descriptions.
The lively discussion had an end way to early as moderator Hans Mulder reluctantly had to send the attendees to the closing. However, the obvious interest of the participants and attendees of this session claims for more room for this kind of panel on next process world 2009. I really hope to meet all those interesting people again!