The prevention & detection of fraud, the implementation of entity, financial & operational internal controls, segregation of duties, & well-defined policies & procedures are the core components of what JMT deems necessary to create & manage an efficient, effective & integrated governance, risk & compliance (GRC) program.
GRC refers to a company's strategy for managing the issues of corporate governance, risk management, and corporate and regulatory compliance. GRC is the integrated collection of capabilities that enable an organization to reliably achieve its objectives while addressing uncertainty and acting with integrity. GRC aims to eliminate silos, redundancies and gaps by synchronizing information and activity across an organization in order to operate more efficiently, enable effective information sharing and more effective reporting, and avoid wasteful overlaps.
Fraud is an intentional deceptive action designed to provide the perpetrator with an unlawful gain.
Internal Controls are the mechanisms, rules, and procedures implemented by a company to ensure the integrity of financial and accounting information, promote accountability, and prevent fraud.
Entity Level Controls are the internal controls that help to ensure that management directives pertaining to your entire organization are carried out. Entity Level Controls are the second level of a top-down approach to understanding the risks of your organization.
Segregation of Duties (SOD) is a basic building block of sustainable risk management and internal controls for a business. The principle of SOD is based on shared responsibilities of a key process that disperses the critical functions of that process to more than one person or department.
Policies & Procedures are the rules that staff abide by as they carry out their various responsibilities and the instructions or steps that describe how to complete a task or do a job.
Governance, Risk and Compliance (GRC) refers to a capability that helps an organization achieve its objectives, with responsibility running across the organization.
GRC is an integrated approach that focuses on legal as well as internal compliance to mitigate the risks of fraud as well as to reach strategic, operational, and financial reporting objectives.
GRC acts like a magnet: it eliminates silos and brings all of an organization's compliance efforts together. It is essentially a codification of applicable regulatory and internal compliance requirements, as well as a roadmap to action.
A comprehensive GRC program will help an organization avert disasters, meet objectives, and grow shareholder value.
The board of directors is responsible for the governance of an organization. The shareholders' role in governance is to appoint directors and auditors and also to satisfy themselves that an appropriate governance structure is in place.
Governance involves setting directions, optimizing risks and resources, and monitoring performance and compliance to achieve an organization’s objectives.
Risk includes financial risk, credit risk, market risk, strategy risk, operational risk, fraud risk, reputational risk, information security risk, technology risk and compliance risk. Regulatory and compliance frameworks include SOX, ISO, FCPA, the Patriot Act, BSA, AML, KYC, GDPR, CCPA, PCI DSS, NIST, OSHA, etc.
GRC - Project Management - Risk Assessments - Sarbanes-Oxley Act - COSO - Entity Level Controls - IT General Controls - Access Controls - ICFR - Red Flags - Internal Control Testing - Change Management - Codes of Conduct and Ethics - Policies & Procedures - TPRM - HIPAA - FCPA - FCA - WPEA - Segregation of Duties - Financial Accounting - Financial Reporting - Financial Statement Fraud - Fraud Investigation - Fraud Detection, Prevention & Mitigation - Mortgage Fraud - HUD/FHA - FmHA - Audit Trail Reviews - Employee Embezzlement - Procurement Fraud - Business Process Improvement - Litigation Support - Evidence Collection - Hypothesis Development & Testing - Conflicts of Interest - Locating & Recovering Hidden Assets - Reconstruction of Financial Records - Report Writing - Microsoft Office 365 - ActiveData for Excel - Internet Search Engines - Relativity - FinCen - CLEAR - Westlaw - LexisNexis - ACRIS - NYSDOS - NYCDOD - PACER - BetterWhoIS - Reverse Image Search - Domain Search/Owner Identification - Zoom - Okta - DocSign - Google Sheets - Google Docs - Google Lens - Google Scholar
Governance, Risk, and Compliance are each confusing to understand in their individual capacities, and when you bring them together as GRC they are even more confusing. GRC isn't just a catchy acronym used by consultants; GRC is the lifeblood of an organization, and it must permeate an organization's oversight, processes, and culture. GRC is about the integrity of an organization. The challenge of developing a quality GRC program is that each individual term (governance, risk, compliance) has varied meanings across an organization. There is corporate governance, IT governance, financial risk, strategic risk, operational risk, IT risk, corporate compliance, Sarbanes-Oxley (SOX) compliance, employment/labor compliance, privacy compliance, and the list goes on and on. So let us assist you.
Send us a message with any questions or concerns, and we'll get back to you with answers as soon as we can.