Business Daily Media


How to build a successful governance, risk management and compliance strategy

  • Written by Simon Berglund, Senior Vice President & General Manager APAC, Diligent

Today’s governance, risk, and compliance (GRC) challenges for both public and private board members and CxOs are becoming increasingly intertwined and complex. From new data management and security regulations for critical infrastructure providers, to upcoming artificial intelligence (AI) regulations that are likely to impact multiple industries, there are many changes to the legal requirements and customer expectations of private and public sector organisations. For organisations that overlook these requirements, the financial, legal and customer loyalty costs can be dire.  


Yet GRC continues to be siloed and undervalued. A recent audit of NSW public sector agencies found 268 control deficiencies and 12 high-risk findings that could affect the agencies’ ability to achieve their objectives. Furthermore, nearly two-thirds of organisations do not believe their board has sufficient understanding of current data governance challenges, and more than half of organisations do not have a data governance framework.


More businesses are being called out for GRC-related issues, including mismanaged cyber security breaches, ethical conflicts mishandled by staff, and anti-competitive behaviour or services that were deemed unfair to the consumer. As these stories continue to make headlines, regulators’ and consumers’ sympathy for enterprises is dwindling, and there will be little forgiveness for organisations that should have known better. 


Having a GRC strategy that is effective and can be efficiently actioned by both executives and the board starts with getting the fundamentals right.


What is GRC and why does it matter?


According to Open Compliance and Ethics Group (OCEG), GRC is “the integrated collection of capabilities that enable an organisation to achieve Principled Performance.” It is a collection of capabilities that supports organisations in achieving operational resilience and assists organisations in meeting their commercial objectives while ensuring legal compliance and ethical consciousness. 


GRC is the conduit that enables organisations to operate ethically, minimise risks, and comply with laws and regulations, ultimately safeguarding their reputation, fostering trust with stakeholders, and supporting sustainable business growth. By integrating effective GRC practices, businesses are better equipped to enhance transparency, accountability, and resilience in the face of evolving regulatory landscapes and emerging threats.


Without executing against a clear GRC strategy, organisations risk operating without proper oversight and accountability, potentially leading to misconduct and systemic vulnerabilities. There would be no expectation or requirement to work ethically, consider the consequences of their actions, or plan ahead in ways that could protect their staff, customers or partners.


The shortcomings of a siloed approach to GRC


GRC must be integrated into the way organisations operate every day, ensuring leadership and the board are aware of risks or issues as they happen. 


Organisations – private or public, for-profit or not-for-profit – need to be nimble, responsive, and efficient. It is no longer enough for executives to learn of a governance or compliance issue months after it has arisen, and start forming a solution, only to have that issue in the news or caught by regulators before the solution can be implemented. Similarly, organisations cannot afford to be distracted by individual emergencies as they arise without a bird’s eye view of how each issue is related or how solutions could be developed to address multiple or future issues concurrently. 


The bottom line is that the current siloed approaches to GRC will cost an organisation, perhaps dearly. Instead, organisations need to establish set processes, investments, and resources that work across the organisation. 


Adopting an integrated approach to GRC


A successful GRC strategy will be:

Comprehensive: Executives and board members should be able to understand what is happening and why, as well as how to ensure issues are resolved by the right teams and with tangible outcomes.

Consistent: Analysts and business leaders need to be able to compare risks, threats, measurements, and methods in a consistent manner throughout the organisation. This allows them to then extract curated insights that they choose to surface to the board via integration with the board management portal.

Coordinated: Effective collaboration and information sharing across an organisation can enable departments to learn from each other and mitigate or address risks that may be impacting multiple parts of the organisation.


Lastly, it is not enough to have a set-and-forget approach to GRC. Organisations and the environments in which they operate are constantly changing. GRC strategies need to factor in a long-term approach that can be scaled, as well as flexibility in cases where the organisation's needs may shift over time. While it is impossible to completely eliminate all risks from a business, there are simple steps and Managed Compliance Solutions that organisations can adopt today to help them close foreseeable gaps and operate in line with acceptable risk tolerances.



Simon Berglund, Senior Vice President & General Manager APAC, Diligent
