No longer can simplicity reign in business operations.
In the age of expansive growth and changes in regulations, risks, distributed operations, globalisation, business data and technology, complexity dominates and creates difficulties for companies of all sizes.
Today, executives and boards, as well as management professionals, have to contend with keeping change, complexity, performance, and business strategy under control and in line with governance, risk management and compliance (GRC) rules.
A layperson may assume that, because of the board’s role in company governance, GRC is implemented by initiatives and strategies led by the board.
However, the opposite is true in most cases. Risk management and compliance officers, in fact, drive the vast majority of GRC initiatives and often keep C-suite executives and the board ‘out of the loop.’
Considering that the latter are the ones who ultimately have fiduciary responsibilities for all of GRC, this may be a problem. There are many benefits to a board-led, top-down approach to GRC.
Do you have a clear understanding as to what GRC signifies?
This is vital to understanding the list of benefits to a board-led, top-down approach to GRC we’ll describe in the second half of this blog post.
Corporate governance is a capability to reliably fulfill business goals, while controlling uncertainty (Risk Management) as much as possible. In addition, the company acts with integrity (Compliance).
Context for risk management and compliance begins with Governance:
Governance refers to the reliable pursuit and attainment of business goals by company representatives. These goals can fall under an overall entity level, but also can be divisional, departmental, on a project-level, process-level or even asset-level. Governance refers to the directing and piloting of the company in its pursuit of carefully outlined objectives and goals.
Risk Management treats the effect of uncertainty on achieving company goals. Most companies optimise risk-taking to create value as an organisation, but study ways to minimise its negative effects on themselves and the larger community, while enhancing its positive effects.
Compliance entails acting with integrity. This goes beyond a standard regulatory compliance programme, to include all adherence to the organisation’s stated obligations and commitments. Again, not just regulatory, these can be found in values, ethical statements, code of conduct, contracts, and environmental, social and governance (ESG) understandings.
In other words, good governance is founded on good risk management and compliance programmes.
However, some companies implement GRC strategies that are wholly about risk management and compliance but do not connect or even properly develop the governance aspect of GRC.
This has to change if financial success is to be had.
Why a Siloed Approach to GRC is a Bad Idea
Scientists who strive to understand biological ecosystems fully know that environmental problems cannot be understood in isolation. As complex, systemic problems, the interdependency and interconnectedness of environmental problems require a contextual holistic awareness – wholly integrated, these problems should not be analysed as a dissociated collection of parts and systems. Indeed, one environmental change can trigger a cascade of effects that impact the entire ecosystem in question.
The need for a 360-degree contextual awareness also applies to the world of business. The complex, intermeshed objectives, risks, and integrity of the organisation need to be approached as a large whole, rather than as parts in isolation.
When the audit or compliance angle dominates in the depths of departments and governance is too thin or disorganised, problems arise. In fact, decision-making in governance should start at the top of the company—the board—and affect all lower levels.
The best kind of top-down decision-making is the kind that is integrated and disciplined, wherein company strategy and performance are probed and evaluated every day. Boards and GRC officers should work together to monitor risk-taking, judge whether the risks on the table are the right risks to achieve business goals, and review whether risks taken in the past were effectively reined in.
The Benefits of a Board-led, Top-Down Approach to GRC
Companies that embrace a board-led, top-down approach to GRC will become:
More Agile: The board and stakeholders work hard to make the company not just fast, but nimble. However, being swift does not help if the company is on a downward path. Good GRC leads to instructions and actions that are fast, well thought-out, and expertly coordinated. When GRC is implemented to good advantage, strategic opportunities are seized, company staffers act with more confidence (regarding the company’s ability to achieve goals) and agility becomes natural regarding every business move of the company.
More Aligned: In working to have a good GRC programme, which can include counter financial terrorism (CFT), financial crime prevention and anti-money laundering (AML) sub-programmes, company leaders constantly align performance with business objectives. The board and C-suite executives continuously marry strategy with information from GRC management in order to move forward in business.
More Efficient: Senior executives and the board work to build a lean machine of an enterprise – expenses are often kept to a minimum. Without constant checking, the expenses of a company can skyrocket from unnecessary redundancy, duplication, and misallocation of resources. Hence the attitude of many boards that the ‘fat’ must constantly be trimmed. Enhanced GRC capability helps to make the enterprise leaner so that optimal board-led and senior management decisions are taken regarding the company’s overall allocation of resources.
More Aware: Good company leaders zealously guard the interests of the organisation and watch for all internal and external changes that introduce risk to growth plans and projects. A successful company board understands the value of turning big data into shareable information. This, after pondering and analysis, helps steer the company onto a path of successful profit-making that is in keeping with GRC guidelines.
More Resilient: The best-devised GRC-guided plans of big and small companies can fail. Company leaders need to be able to work overtime and ‘bounce back’ quickly from bad decisions and failed business projects; their jobs are all about limiting the overall business impact of any failure that has made them stumble. As long as stakeholders allow for sufficient tolerances over bad steps taken, the best boards find the confidence to adapt, generate and respond to opportunities that take them out of the failure pit as quickly as possible. The resilience of board-led companies is unique and renowned; it has them surviving better than companies that are not board-led. This is a major benefit to fully incorporating company-wide GRC initiatives.
More Responsive: When companies do not sense an internal or external change that proceeds to impact the enterprise, mature GRC management can eventually save them. GRC officers, through the provision of transparency, can give a board greater awareness of information that can make or break a business act or decision. GRC programme initiatives, such as Know Your Client (KYC) and Client Due Diligence (CDD) sub-programmes, can swiftly cut through the morass of big data to find what senior executives and the board need to know to make the best decisions.
A board that is continually directing the company’s GRC programme from top-to-bottom has a tremendous competitive advantage over other companies.
Being streamlined, ‘fit,’ and knowledgeable about GRC regulations will have it making fewer business mistakes in the short and long run.
The benefits described above should be enough to make any compliance officer work hard to keep senior executives and the board continuously ‘in the loop’ about GRC guidelines.