Governance, Risk and Compliance Handbook: Technology, Finance, Environmental, and International Guidance and Best Practices
Reviewed by A. Rafeq, CISA, CGEIT, CIA, CCSA, FCA
Governance at the enterprise level has been gaining increasing prominence due to requirements of business, management and regulators. Regulations such as the US Sarbanes-Oxley Act and similar regulations worldwide have pushed governance to the forefront and have made implementing governance and control frameworks a compliance requirement. This has made it imperative for enterprises to understand governance, risk and compliance requirements as relevant.
Compliance has emerged from a peripheral concern of auditors and lawyers to an area that encompasses an entire organization as well as its suppliers, customers and other stakeholders. All business managers, from mid-level to executive, need to understand the multitude of compliance initiatives designed to improve transparency in financial reporting and good corporate governance.
Providing a comprehensive framework for a sustainable governance model and describing how to leverage it in competing global markets, Governance, Risk and Compliance Handbook presents an overview of the political, regulatory and technical process and people considerations in complying with an ever more demanding regulatory environment and achieving good corporate governance. Featuring contributions from 64 industry experts from 15 countries, this handbook offers an international overview of compliance challenges and national and regional guidelines to compliance. The handbook also touches on the current state, major trends, best practices, case studies and benefits of becoming compliant sooner rather than later. The book could be useful to IT professionals, IT security and control professionals, senior management, consultants and anyone interested in governance, risk and compliance.
The book also is designed to provide a conceptual overview of various aspects of governance, risk and compliance. It is a strong compilation of articles on a variety of subjects from different perspectives and countries. The handbook provides wide coverage, at a higher introductory level. It includes detailed country and regional guidance for major economies of the world and several industries, technology tools guidance, operational risk guidance, and more in-depth corporate governance guidance.
The book is divided into eight parts and has 67 chapters. Additionally, there are six supplementary chapters available online.
There is a hierarchy of governance standards at levels of corporate controls (governance frameworks, IT controls [control objectives] and security controls). It is important for an enterprise to implement a system of governance that is holistic and links all levels of management.
The book is a compilation of articles by more than 50 authors. Hence, there is a lack of continuity. The editor states that the goal of each article is to provide an introduction to the subject and point the reader to sources for more detailed information. The book does not get into practical aspects in detail. Hence, the documentation is limited and introductory. Considering the number of topics covered that cater to different readers, readers can select the topics most relevant to their situations.