strategic imperative has grown momentum, and in a
single paragraph summarizes the activities of ERM which will take organisations years and years to
accomplish, stating that: organisation can support ERM solutions when they reach a certain level of
business and information maturity. When this occurs, they establish a “risk culture” and then gather
risk intelligence. The adoption of a process focused on GRC as against the “siloed” issue -by-issue
style follow. In addition to these, they suggest that the organisations establish a risk and compliance
architecture that considers the business processes, the people and the information technology. And
finally, the organisation commits and trains the members consistently on corporate policies and
procedures.