Filed Under (Industry Observation) by Lane Leskela
The current economic environment cries out for sustainable technology standards to be established at the core of information governance. The profound losses in the financial markets were the result of weak governance, failing risk management, and little regard for the consequences. The time has come to define and implement the methods needed to identify and manage risks, ensure oversight, and enforce corporate policies and procedures to exploit eXtensible Business Reporting Language (XBRL). This extremely challenging economic climate is stimulating the demand to leverage the expanding taxonomy for financial reporting purposes to meet the challenges of operational risk and compliance management as part of the natural evolution of XBRL.
The inevitable combination of people skills, business practices, and information technology (IT) necessary to improve governance, risk, and compliance (GRC) management is not an end in itself, but serves the organizational necessity of improving and sustaining performance. The next phase of enterprise performance management integrates the mandated requirements (regulatory, legal, and contractual) for an organization’s operations with the voluntary commitments (business practices, customer expectations, service levels) that help focus the organization on internally and externally directed improvements.
The complete portfolio of processes directly related to GRC includes organizational and IT governance, business strategy, all levels of risk management, quality management, financial and IT auditing, legal obligations, security, compliance monitoring and reporting, social responsibility, and ethical culture. Synchronized planning and communication between multiple business departments, decision makers, business partners, suppliers, and customers is the key to successfully leveraging GRC across an extended enterprise of any size or shape.
To this end, diverse organizations with broad international experience and constituents are building the basic definitions and structure that will comprise a comprehensive taxonomy for GRC XBRL. Critical work on aspects of the emerging taxonomy and messaging standards for GRC has been undertaken by organizations as diverse as the Fujitsu Research Institute; the XBRL Risk Taxonomy Forum of the IBM Data Governance Council; AIIM’s StratML Work Group; and the International Standards of Accounting and Reporting (ISAR) group of the United Nations’ Council on Trade and Development (UNCTAD).
The major contributors to an XBRL taxonomy for GRC can contribute to the development of five defining domains, as follows:
* common financial and operational risk controls
* corporate social responsibility and transparency metrics
* issue and incident management taxonomy
* performance management reporting
* corporate policy and organizational strategy taxonomy
The construction of XBRL standards in each domain will address information standards based on authorities with respect to
* policies and processes modeling regulatory authority guidelines for laws, rules, and regulations;
* references and translation procedures based on authority documents;
* object definitions, elements, and specifications derived from authority documents;
* and metrics that define standardized process performance and risk indicators.
As painful as the economic environment has been for most businesses and markets, the opportunity for a deeper commitment to developing GRC components for XBRL has emerged. Over the next few years, as business performance improves and economic value ultimately rises, long-term efficiencies will be supported by a more coordinated set of information standards that inherently integrate risk and compliance processes. Advancing compliance and risk management capability across markets and industries is a deeply important and global role that is now a domain of XBRL.