Wednesday, January 12, 2022


For an organization embarking on a governance journey, it might be good to start at the top with a risk-awareness culture.

Governance is an internal control that ensures business effectiveness and monitors strategy execution paths to achieve expected performance. When governance is seen only as a constraint, it perhaps stifles transformative change or innovation.

The higher the complexity of the organization and of the environment in which it operates, the higher the requirement for business connectivity through enforced communication, coordination, and control.

Governance & technology: Governance is complementary to the management approach, ensuring organizational effectiveness and agility. Governance, risk management, and compliance (GRC) are a collection of processes, some of which are information technology enabled. Technology can automate the mundane parts of governance processes and allow you to maximize efficiency in those areas. However, technology is merely a tool, not the driver. Such tools simply make the process more reliable and, to an extent, faster. You cannot automate all aspects of GRC; you should automate all areas that don't require human intervention. Technology cannot replace the human touch; without talented people, the "automated" software being applied would be useless.

To improve governance maturity, always go back to that old chestnut of "people, process, and technology" to address business issues. Any GRC software solution is only a tool to assist in the administration of the business function or the mechanisms embedded into the process for enhancing control. People still have to decide how to best apply a tool and incorporate the tool into the business system for improving organizational maturity. Therefore, it is critical to look at culture, staff training, existing processes, and existing technology first, make improvements if necessary, then determine whether new tools would be a good addition to the mix for optimizing GRC disciplines and practices.

Governance & architecture: Governance is an integral part of business strategy management, with both hard disciplines and soft ingredients. An enterprise-architecture-enabled GRC discipline helps business management raise visibility and awareness of many things, such as culture and decision processes, that are captured at the different levels of the organization, and gain an in-depth understanding of risks and conduct. Organizational change becomes common practice within an organization to improve strategic responsiveness, business adaptability, and agility. Governance is critical to improving change effectiveness because, statistically, change management has a very low success rate.

Governance is like the steering wheel of the company; enterprise architecture provides you with a holistic view for business steering, so that the business problem can be seen from every relevant perspective, and every perspective has a whole world behind it to be described. Processes and controls need to be designed based on the people and the culture within the organization at that time. Process is multidimensional. By leveraging enterprise architecture as an effective tool, a cohesive set of governance practices can enforce varying governance activities, such as delegation of authority, auditing, or strategy monitoring, and overall accountability at every level of the organization.

Governance & framework, structure: Governance can begin with frameworks, structures, and policies to be put in place, depending on the nature, scale, and complexity of the organization. Governance structure is independent of management structure, but governance processes or mechanisms can be embedded into business processes seamlessly. Systematically structured governance enforces the breadth and depth of business management with strong alignment, transparency, and accountability.

It doesn't matter what the drive is; in a well-aligned and architected organization, governance must be assessed at the enterprise level. Strong governance practice should be shared collaboratively across the enterprise by developing an effective governance framework with multiple components, such as business relationships that define responsibility and accountability, performance assessment, commitment compliance (meeting legal, regulatory, and corporate requirements), and risk management (assessment and reviews). All of these are applicable to the entire organization to ensure GRC maturity.

Often risk and opportunity co-exist. Risk should be seen in a much brighter light, as it creates many opportunities for those who wish to see beyond a defensive response. Information technology is a critical ingredient in GRC disciplines. For an organization embarking on a governance journey, it might be good to start at the top with a risk-awareness culture (awareness, appetite, attitude, environment, oversight, etc.). You have to keep making adjustments and steering the organization in the right direction to achieve higher-than-expected business results.

