
How to build a successful governance, risk management and compliance strategy

  • Written by Simon Berglund, Senior Vice President & General Manager APAC, Diligent

Today’s governance, risk, and compliance (GRC) challenges for both public and private board members and CxOs are becoming increasingly intertwined and complex. From new data management and security regulations for critical infrastructure providers, to upcoming artificial intelligence (AI) regulations that are likely to impact multiple industries, there are many changes to the legal requirements and customer expectations of private and public sector organisations. For organisations that overlook these requirements, the financial, legal and customer loyalty costs can be dire.  


Yet, GRC continues to be siloed and undervalued. A recent audit of NSW public sector agencies found 268 control deficiencies and 12 high risk findings that could affect the agencies’ ability to achieve their objectives. Furthermore, nearly two thirds of organisations do not believe their board has sufficient understanding of current data governance challenges, and more than half of organisations do not have a data governance framework.  


More businesses are being called out for GRC-related issues, including mismanaged cyber security breaches, ethical conflicts mishandled by staff, and anti-competitive behaviour or services that were deemed unfair to the consumer. As these stories continue to make headlines, regulators’ and consumers’ sympathy for enterprises is dwindling, and there will be little forgiveness for organisations that should have known better. 


Having a GRC strategy that is effective and can be efficiently actioned by both executives and the board starts with getting the fundamentals right.


What is GRC and why does it matter?


According to Open Compliance and Ethics Group (OCEG), GRC is “the integrated collection of capabilities that enable an organisation to achieve Principled Performance.” It is a collection of capabilities that supports organisations in achieving operational resilience and assists organisations in meeting their commercial objectives while ensuring legal compliance and ethical consciousness. 


GRC is the conduit that enables organisations to operate ethically, minimise risks, and comply with laws and regulations, ultimately safeguarding their reputation, fostering trust with stakeholders, and supporting sustainable business growth. By integrating effective GRC practices, businesses are better equipped to enhance transparency, accountability, and resilience in the face of evolving regulatory landscapes and emerging threats.


Without executing against a clear GRC strategy, organisations risk operating without proper oversight and accountability, potentially leading to misconduct and systemic vulnerabilities. There would be no expectation or requirement for them to work ethically, consider the consequences of their actions, or plan ahead in ways that could protect their staff, customers or partners.


The shortcomings of a siloed approach to GRC


GRC must be integrated into the way organisations operate every day, ensuring leadership and the board are aware of risks or issues as they happen. 


Organisations – private or public, for-profit or not-for-profit – need to be nimble, responsive, and efficient. It is no longer enough for executives to learn of a governance or compliance issue months after it has arisen, and start forming a solution, only to have that issue in the news or caught by regulators before the solution can be implemented. Similarly, organisations cannot afford to be distracted by individual emergencies as they arise without a bird’s eye view of how each issue is related or how solutions could be developed to address multiple or future issues concurrently. 


The bottom line is that the current siloed approaches to GRC will cost an organisation, perhaps dearly. Instead, organisations need to establish set processes, investments, and resources that work across the organisation. 


Adopting an integrated approach to GRC


A successful GRC strategy will be:

Comprehensive: Executives and board members should be able to understand what is happening and why, as well as how to ensure issues are resolved by the right teams and with tangible outcomes. 

Consistent: Analysts and business leaders need to be able to compare risks, threats, measurements, and methods in a consistent manner throughout the organisation. This allows them to extract curated insights that they choose to surface to the board via integration with the board management portal.

Coordinated: Effective collaboration and information sharing across an organisation can enable departments to learn from each other and mitigate or address risks that may be impacting multiple parts of the organisation.


Lastly, it is not enough to have a set-and-forget approach to GRC. Organisations and the environments in which they operate are constantly changing. GRC strategies need to factor in a long-term approach that can be scaled, as well as flexibility in cases where the organisation's needs may shift over time. While it is impossible to completely eliminate all risks from a business, there are simple steps and technology solutions that organisations can adopt today to help them close foreseeable gaps and operate in line with acceptable risk tolerances.


