Business Daily Media


How to build a successful governance, risk management and compliance strategy

  • Written by Simon Berglund, Senior Vice President & General Manager APAC, Diligent

Today’s governance, risk, and compliance (GRC) challenges for both public and private board members and CxOs are becoming increasingly intertwined and complex. From new data management and security regulations for critical infrastructure providers, to upcoming artificial intelligence (AI) regulations that are likely to impact multiple industries, there are many changes to the legal requirements and customer expectations of private and public sector organisations. For organisations that overlook these requirements, the financial, legal and customer loyalty costs can be dire.  

 

Yet, GRC continues to be siloed and undervalued. A recent audit of NSW public sector agencies found 268 control deficiencies and 12 high risk findings that could affect the agencies’ ability to achieve their objectives. Furthermore, nearly two thirds of organisations do not believe their board has sufficient understanding of current data governance challenges, and more than half of organisations do not have a data governance framework.  

 

More businesses are being called out for GRC-related issues, including mismanaged cyber security breaches, ethical conflicts mishandled by staff, and anti-competitive behaviour or services that were deemed unfair to the consumer. As these stories continue to make headlines, regulators’ and consumers’ sympathy for enterprises is dwindling, and there will be little forgiveness for organisations that should have known better. 

 

Having a GRC strategy that is effective and can be efficiently actioned by both executives and the board starts with getting the fundamentals right.

 

What is GRC and why does it matter?

 

According to Open Compliance and Ethics Group (OCEG), GRC is “the integrated collection of capabilities that enable an organisation to achieve Principled Performance.” It is a collection of capabilities that supports organisations in achieving operational resilience and assists organisations in meeting their commercial objectives while ensuring legal compliance and ethical consciousness. 

 

GRC is the conduit that enables organisations to operate ethically, minimise risks, and comply with laws and regulations, ultimately safeguarding their reputation, fostering trust with stakeholders, and supporting sustainable business growth. By integrating effective GRC practices, businesses are better equipped to enhance transparency, accountability, and resilience in the face of evolving regulatory landscapes and emerging threats.

 

Without executing against a clear GRC strategy, organisations risk operating without proper oversight and accountability, potentially leading to misconduct and systemic vulnerabilities. There would be no expectation or requirement to work ethically, consider the consequences of their actions, or plan ahead in ways that could protect their staff, customers or partners.

 

The shortcomings of a siloed approach to GRC

 

GRC must be integrated into the way organisations operate every day, ensuring leadership and the board are aware of risks or issues as they happen. 

 

Organisations – private or public, for-profit or not-for-profit – need to be nimble, responsive, and efficient. It is no longer enough for executives to learn of a governance or compliance issue months after it has arisen, and start forming a solution, only to have that issue in the news or caught by regulators before the solution can be implemented. Similarly, organisations cannot afford to be distracted by individual emergencies as they arise without a bird’s eye view of how each issue is related or how solutions could be developed to address multiple or future issues concurrently. 

 

The bottom line is that the current siloed approaches to GRC will cost an organisation, perhaps dearly. Instead, organisations need to establish set processes, investments, and resources that work across the organisation. 

 

Adopting an integrated approach to GRC

 

A successful GRC strategy will be:

Comprehensive: Executives and board members should be able to understand what is happening and why, as well as how to ensure issues are resolved by the right teams and with tangible outcomes. 

Consistent: Analysts and business leaders need to be able to compare risks, threats, measurements, and methods in a consistent manner throughout the organisation. This allows them to then extract curated insights that they choose to surface to the board via integration with the board management portal.

Coordinated: Effective collaboration and information sharing across an organisation can enable departments to learn from each other and mitigate or address risks that may be impacting multiple parts of the organisation.

 

Lastly, it is not enough to have a set-and-forget approach to GRC. Organisations and the environments in which they operate are constantly changing. GRC strategies need to factor in a long-term approach that can be scaled, as well as flexibility in cases where the organisation's needs may shift over time. While it is impossible to completely eliminate all risks from a business, there are simple steps and Managed Compliance Solutions that organisations can adopt today to help them close foreseeable gaps and operate in line with acceptable risk tolerances.


