This paper highlights the problems facing financial institutions in managing risk at an enterprise level. Chief risk officers (CROs) face a significant task in managing risk because of the high degree of uncertainty over the provenance and accuracy of risk data and information. This paper, therefore, considers the following questions:
- What is required to provide the group risk function with the same level of oversight and control over risk data and information that enterprise resource planning (ERP) systems have provided group finance?
- What is required for the wholesale transformation of risk management in the enterprise?
- How do business operating models need to change to facilitate true integration of business objectives and related risks?
While the problems with the siloed nature of risk management have been noted, the final question above is concerned with the disconnection between the management of business objectives and that of risk. The fundamental question that this paper aims to answer is: How can GRC (governance, risk management, and compliance) practice and systems evolve to support the integration of risk management with business management?