Tuesday, May 19, 2020

Driving “Time-to-Adoption” GRC Discipline

An effective "Time-to-Adoption" is a critical leverage point for the organization to facilitate successful business functioning while ensuring there are adequate controls in place to operate responsibly in accordance with its business values and strategic goals.

We live in an era of information abundance but insight scarcity, full of uncertainty, velocity, complexity, and ambiguity. The result is the higher risk of conflict and inertia, not something that the organization wants in a dynamic business environment demanding innovation, speed, responsiveness, and flexibility to succeed.

As business leaders today, you can’t predict every turn or curve that the organization will face. The lack of risk awareness creates more blind spots uncovered, and gaps unfilled. They should keep asking themselves and others: What is the "spirit" in today's governance body? And what are the perspectives for the future of governance? One of the most important Critical Success Factors (CSF's) in GRC discipline is "time-to-adoption" in addition to "time-to-payback."



Embed GRC mechanism in the key business processes: Corporate GRC disciplines have a direct link to business and its processes. Governance mapping helps to identify interdependencies and streamline governance processes. There are often disruptive processes or technologies that need some relaxation of the old governance models. Having a good understanding of the business vision and mission will ensure that an appropriate GRC structure is realized without being bureaucratic or misaligned with business objectives. GRC is not a single process, but a collection of processes with other governance mechanisms, such as roles and technologies, etc. It makes sense to have governance processes that are more lightweight, continuous, and focus more on results rather than detailed plans.

The value proposition of good governance, brand, and compliance should be integrated within and across operations not siloed off in a box. Not only from the financial perspective but also from the involvement and signs being displayed inside the organization. Embed the GRC mechanism in the key business processes; think big (holistically) and small (focus), think lightweight (agility), think incremental, and most of all, think about how GRC can be delegated and even automated when possible.

Instill GRC discipline at organizational culture: The soft stuff (the human stuff) is the hard stuff for enforcing GRC practices. GRC is a collective mindset; GRC can be used to raise visibility and awareness for many things that are captured at the different levels of the organization. Corporate governance discipline can fulfill its purpose as a high-level business enabler by providing a structured communication bridge between shareholders/investors and top business leaders such as corporate directors. Organizations should be identifying patterns for good governance and promoting engagement, motivation, and innovation as these are vital aspects of top-performing enterprises in our modern economy.

In mature organizations, GRC is a strategic imperative and to move beyond the corporate cop image to being the champion of corporate culture, ethics, and responsibility. In fact, GRC is moving more and more to be the hub and harbinger of culture and values. It needs to include engagement and motivation because a focus on control and enforcement has the tendency to damage an enterprise's capacity to motivate and engage staff. GRC is about collaboration and harmony via sharing information, knowledge, and common processes.

Enforce GRC practices at daily business activities: Theoretically, almost everything in an organization should have both management and governance components, as governance needs to focus on effectiveness, to ensure business doing the right things, as management is about doing things right. GRC is not about a single role or reporting structure, as there are separate functions/roles. It's important to enforce GRC practices at daily business activities such as iterative communication and continuous improvement.

In many organizations, much of GRC is reactive in the sense that there is a lot of rushing around trying to fix problems after they have occurred. Statistically, more than three-fourths of today's business value is based on their ability to embrace complexity, understand future opportunities, decide which one to go after and which one they will not go. Highly responsive organizations leverage effective risk management or compliance tools to monitor changes, alert the organization to risk conditions, and enable accountability and collaboration around changes impacting each firm.

An effective "Time-to-Adoption" is a critical leverage point for the organization to facilitate successful business functioning while ensuring there are adequate controls in place to operate responsibly in accordance with its business values and strategic goals. It doesn’t matter what the drive is, in a well-aligned and architected organization, governance must be assessed at the enterprise level and managed holistically because it’s one of the most critical pillars to run a high-performance business.

0 comments:

Post a Comment