
A Practical Approach to GRC
The term “GRC” has been applied to such a wide array of governance, risk and compliance issues that it carries no commonly accepted definition around the world. SAP.info tries to shed some light.
For the purposes of this discussion, we will define GRC as an integrated framework of board and management activities that examines the organization in terms of its overall governance model and structure. This includes identifying and managing the risks deemed critical to business success; achieving compliance with applicable laws; and creating an effective control environment. Each element of this overarching framework can be satisfied with straightforward, practical activities, which are often supported by external teams of risk advisors and information technology (IT) professionals.
Increasing Importance
Despite the widespread confusion regarding the term, GRC remains top of mind with C-suite executives, and for good reason. In the United States, there is ongoing legislative and regulatory activity regarding measures that would either exempt small public companies, described as having a market capitalization of less than $75 million, from SOX compliance requirements or require them to comply. While the SEC announced in October 2009 that these companies will be required to submit to reviews of internal financial controls, beginning with fiscal years ending on or after June 15, 2010, the U.S. House Financial Services Committee passed legislation in December 2009 with a provision that would either exempt smaller public companies from SOX requirements or give them yet another delay in complying.
While the U.S. Senate reviews this specific piece of legislation during 2010, the U.S. Supreme Court will weigh arguments that call into question the validity of the Public Company Accounting Oversight Board—and thus SOX itself, the repeal of which would send reverberations throughout all markets. Another current Supreme Court case highlights the impact of worker privacy rights on data networks, which places effective deployment of enterprise-wide policy at the forefront of discussion.
As these issues play out stateside, European Union countries face new changes to the Value Added Tax (VAT) system, which has been in use for more than 40 years and applies to most sales tax and purchase transactions in the EU. The European Commission enacted the new rules to reduce fraud and give suppliers equal treatment regardless of their country, since every individual country currently has its own rules, legislation and rates.
