As the name suggests, GRC refers to governance, risk, and compliance services. GRC services comprise specialised services of internal audit, design and documentation of clients’ SOPs and enterprise risk management (ERM) services. GRC services are designed for the management to ensure that the risks of doing business are minimised while adhering to the governance principles.
Internal audit
Sharp and Tannan have been at the forefront, offering outsourced/co-sourced internal audits. We are firm proponents of risk-based auditing and focus on a value-added approach to business processes and build strong relationships with audit committees through regular communication.
Philosophy inspired by the Committee of Sponsoring Organizations of the Treadway Commission (COSO)::
We perform fair and unbiased category audits under the COSO 1992 framework - active for the past three decades. We focus on risk identification and evaluation, strategic inputs, operational/process control optimisation, identification of value/cost-saving opportunities, process debottlenecking, compliance with relevant statute/organizational policies, and benchmarking by bringing in solutions and best market practices for effective implementation, to ensure the best value additions to clients.
To ensure the independent functioning of our personnel and enhance our skill sets, we conduct internal/external training including training on digital platforms, regular testing to monitor track learning, and regular upgrading of the GRC team to the latest developments.
Philosophy inspired by the Committee of Sponsoring Organizations of the Treadway Commission (COSO)::
We perform fair and unbiased category audits under the COSO 1992 framework - active for the past three decades. We focus on risk identification and evaluation, strategic inputs, operational/process control optimisation, identification of value/cost-saving opportunities, process debottlenecking, compliance with relevant statute/organizational policies, and benchmarking by bringing in solutions and best market practices for effective implementation, to ensure the best value additions to clients.
To ensure the independent functioning of our personnel and enhance our skill sets, we conduct internal/external training including training on digital platforms, regular testing to monitor track learning, and regular upgrading of the GRC team to the latest developments.
Sharp & Tannan’s internal audit service model:
- Co-sourcing internal audits and hand-holding of teams by subject-matter experts
- Outsourced internal audits
- A continuous /concurrent auditing model
- A staffing model to support specific tailor-made requirements
- Internal financial control testing
read more >
Design and documentation
Growing organisations often experience higher attrition and recruitment, both resulting in learning downtimes. A well-designed and documented process can help reduce the downtimes by providing a framework to manage the day-to-day operations A well-defined process if followed, always gives consistent results which helps the management focus on more challenging and dynamic external issues. We provide design and documentation services to our clients through the following steps
- identifying the business processes
- thoughtfully mapping the people and processes with their roles/responsibilities
- designing and documenting the standard operating procedures (SOPs)
read more >
Enterprise Risk Management
Why ERM?
Brief requirements of the Companies Act, 2013
Section 134 : Every report of the board of directors must include a statement indicating the development and implementation of a risk management policy for the company. This includes the identification of risk elements of risk which in the opinion of the board could threaten the existence of the company.
Section 177:The audit committee shall act in accordance with the terms of reference specified in writing by the board, which shall inter alia, include evaluation of risk management systems.
Schedule IV: Independent directors should feel assured that the systems of risk management are robust and defensible.
Key considerations
Board and various committees :
Identification of elements of risk should factor-in external risks to the organisation, like geo-political, economic, regulatory, competitive risks etc.
Also needed is a continuous evaluation of risk management systems, including recognising emerging risks, classification and reclassification of risk, and checking the effectiveness of a company’s response to risk.
The process:
- We focus on risk management in all business processes and utilities
- We use risk management outcomes to evaluate both business and individual performances
- We decentralise responsibility to manage risk at key operating levels
Risk management strategy:
- We provide a macro-level understanding of the risk involved in our clients’ processes and activities
- We spot the biggest risks and identify the weakest controls
- We assess the impact of risk in critical processes
Operating in the face of risk:
- We help assess the impact of risks on the taking of operating decisions.
- • We provide a yardstick for assessing the quality of these decisions
read more >