How to Maximise the Value of Governance, Risk and Compliance

The global financial crisis (GFC) has raised the public profile of governance, risk and compliance (GRC) issues. Organisations that can effectively and efficiently coordinate these intertwined activities are the ones getting real value from the costs of implementation.

GRC controls within a business are like the brakes on a Formula 1 car – the better the controls the more effective the brakes. The more effective the brakes the faster the business can travel.

It would be fair to say that very few entities consider spending on ‘compliance’ activities to add value to the business – in fact it is normally categorised around the board table and in the financials as a cost of doing business in a regulated market/industry.

The band-aid approach to GRC

The rate at which risk and compliance obligations have expanded in recent years, and the changes to business approach generated by financial stress, have meant that many organisations have responded by putting a band-aid over the problem or by bolting on a new process or function.

An unwanted – and largely unseen – impact of this approach is that there will undoubtedly be overlaps across business units, overlapping responsibilities within business units, inconsistent processes throughout an organisation and wasted resources addressing each of the historic band-aids.

Some may think that this only applies to larger corporations – but any organisation that has changed a business process as part of doing business will have overlaps.

A sustainable integrated approach to GRC

There are ways to approach the implementation of new business processes and the coordination of existing risk burdens that can deliver a positive outcome.

Interestingly it is very hard to quantify the true cost of implementation and maintenance of GRC, as the delivery of GRC is spread out across the business, which is perhaps why there is resistance to spending in this area.

However, adopting an approach of identifying overlaps and duplication can lead to the creation of common infrastructure and common resources to deliver the GRC outcome, which will generate expense savings.

The benefits

But the real benefit of an integrated approach comes from the ability to strip duplication out of existing processes, and generate staff awareness on the benefits of streamlining and identifying continual improvements to existing processes.

Organisations have struggled to leverage the implementation of GRC initiatives into a positive. Indeed risk departments have long been considered the ‘anti-business unit’ or the function that says ‘no’.

Companies that derive the maximum value from GRC have found a methodology where risk and compliance considerations are integrated into how the business is run.

If risk management (and compliance) is not focussed on where the company is going (i.e. strategic direction) and engaged in identifying risks that could derail the strategy, then time is being spent on dealing with the wrong business levers.

Identifying problems in the rear-view mirror means they have already happened and organisations are dealing with the consequences – which involve a higher level of entity-wide engagement and a higher cost. It also carries the likelihood that some form of concern is being pursued by the stakeholders – wasting more of management's time on explanations, rather than executing a solution.

The future of GRC

As external stakeholders (e.g. shareholders, banks, credit providers and regulators) seek material evidence of an organisation’s take on governance accountability, a holistic approach to management of risks is being forced on corporations.

It is likely that these stakeholders have a different perception of what is an acceptable standard of governance, and this can create tension for management.

Based on the legal risk to directors, this should lead to a desire to find more efficient ways of embedding risk management, compliance and governance into the management of corporations – regardless of the entity size.

Our guest blogger, governance specialist Philip Anthon, is Principal of Governance Worx Pty Ltd, a leading consultant on governance, risk and compliance issues. Philip is Chairman of a number of Compliance Committees and on the Board of various Fund Management organisations.
