“We provide insights and advice to help our clients make informed business decisions that add fuel to their missions”

If the pandemic has shown us anything, it’s that we need to be nimble when it comes to our strategy. Organizational risks cannot always be predicted but planning ahead can minimize the impact. Successful organizations integrate their ongoing strategic evaluation needs with risk management, so their strategy and risk management teams work together to share information.

GRF CPAs & Advisors is at the forefront of re-imagining the relationship between Enterprise Risk Management and Strategy, providing new innovative playbooks, deploying technologies, and developing customized group training. GRF joined forces with NC State ERM Initiative back in 2019 to expand their ERM training offerings. GRF’s Partner and Director of Risk & Advisory Services, Melissa Musser, CPA, CITP, CISA, is frequently asked to speak on this topic. In 2022, she was a featured speaker at the Risk Management Society (RIMS)ERM conference on “Creating a Happy Marriage between ERM and Strategy.” GRC Outlook recently spoke to Melissa about GRF’s service innovations.

“We are in the right place and the right time when it comes to our advisory services,” noted Ms. Musser, adding that there is a growing trend toward integrating strategy and risk management. The major risk management standards, COSO and ISO ERM frameworks, were updated in 2017 and 2018 to emphasise the need to have an evaluation of an organization’s strategic objectives at the core of Risk Management. In 2020, the Institute of Internal Auditors (IIA) updated their governance and risk management model (The Three Lines model) to emphasise that the best designed organizations are on offense, rather than defense.“ We are here to help organizations make this transition,” said Ms. Musser. “The demise of Blockbuster is such a good example of why it is imperative for risk management professionals to have a seat at the strategy table. There is an inverse relationship between strategy and risk and the two processes must be running in parallel, informing one another.”

Strategic Risk Councils
How can organizations achieve this alignment? One solution that has been gaining traction with GRF clients is the formation of Strategic Risk Councils. These councils develop playbooks that help council members and eventually the entire organization develop a common risk language. This way, when someone identifies a risk is “significant,” this risk is properly defined and can be understood across different organization silos. For example, a playbook can define when a cyber incident is significant, based on how it impacts the organization’s strategic objectives. The definition would include criteria for significance – such as the number of days it takes a system is down – and who is responsible for making decisions related to managing the incident. The Risk Councils work though the playbook to align all risks against overall strategic objectives.

Once the basic language, definitions, and risk appetites are defined and understood, organizations can take the next step and invest in ERM software. However even after implementation, organizations can review their processes to identify improvements. With fresh eyes, use of technology can be elevated to the Enterprise Risk Management level, where a clear picture of the strategic direction of the organization can be viewed.

Community Service at the Core
GRF works with all industries and organizations large and small. “We got our start working with Non-profits and International NGO’s Headquartered inWashington DC,” said Ms. Musser. “Our teams travel the globe for our clients to some of the most remote locations in the world. This has honed our skills in risk management and technology adoption, and we expanded from there!” Today, the company’s services range from traditional audit, tax & accounting solutions, to risk advisory services – including cybersecurity, internal audit, enterprise risk management, strategic planning, software implementation and forensic investigations. GRF also provides government contracting compliance services for government contractors (including non-profits).

Since 1981, GRF has established its presence within international organizations, serving clients in over 100 countries. The company employs a geographically and ethnically diverse workforce, and 15 languages are spoken among the staff. “After more than 40 years our culture remains the same, we care deeply about our clients and their missions,” said Ms. Musser. “One of my favorite quotes is ‘People don’t care how much you know, until they know who much you care.’” The right team with the right level of experience, expertise, and industry presence makes a huge difference for organizations transforming their operations. With 40 years of experience, GRF’s team of CPAs and advisors provide industry knowledge and technical know-how to help organizations large and small tackle new opportunities and challenges.

GRF’s experienced team work together across disciplines to offer a holistic suite of technology, risk advisory, and accounting services. “This allows us to provide exceptional service to our clients because we can anticipate and address a broad range of operational challenges. It also enables us to work with our clients as a trusted strategic partner. We provide insights to help our clients make the transition from being on defense to being on offense,” explains Ms. Musser.

The Blend of Expertise and Experience
What makes GRF stand out from the crowd is its ability to quickly assess an organization’s needs, and then work within the constraints of an organization’s resources to craft the right resolution. Ms. Musser recalls an instance when GRF helped a growing international organization that was struggling to manage offices in multiple countries. The company performed a mix of on-site and virtual audits in seven field offices located across South America, Africa, Asia, and the U.S. They needed an independent internal audit to determine if they were operating at efficiency and addressing all possible risks. GRF used a risk-based approach to develop detailed audit procedures customized for each office, and deployed efficient, cloud-based tools to conduct virtual fieldwork safely and securely.

The result was a report with detailed observations and recommendations that helped the client standardize policies and processes across its field offices, while also documenting the operations unique to each office and region. As an additional benefit, the organization’s external auditors were able to leverage GRF’s internal audit procedures during the annual audit. The client was able to both decrease the cost of its annual audit and minimize the staff time required.

“This is just one example of how we collaborate to solve problems,” said Ms. Musser. “Since opening its doors, GRF has been helping individuals, businesses, and non-profits achieve the maximum benefit in a variety of situations.”