GRC agility, integration and harmonisation

By Dr. Emmanuel Moore ABOLO

In today’s world, the organization is not only complex, but also chaotic and in a perpetual state of transmutation. The organization is:

• Distributed. Business is not done within traditional brick-and-mortar walls as it now has distributed operations complicated by a web of global business partners and client relationships. Physical buildings and conventional employees no longer define an organization. The organization is an interconnected lattice of relationships and interactions that span traditional business boundaries;

• Dynamic. Organizations are in a constant state of metamorphosis. The organization has to manage shifting business strategy, technology, and processes while keeping current with changes to risk and regulatory environments around the world; and

• Disrupted. The intersection of distributed and dynamic business leads to disruption. The velocity, variety, and volume of change is overwhelming – disrupting the organization and slowing it down at a time when it needs to be agile and fast.

Today’s business environment, therefore, demands agility from organizations to be successful. An agile organization is one that is quick in responding to changes in the marketplace or environment.

The ‘agile organization’ is also known as ‘the entrepreneurial organization’ and ‘the resilient organization’ and this kind of organization focuses on the customer which calls for customized rather than homogenous offerings.

A highly agile organization reacts successfully to the emergence of new competitors, rapid advancements in technology and sudden shifts in overall market conditions. Agile enterprises thrive in non-hierarchical organizations without a single point of control.

It’s agility that countenances organizations to respond effectively to turbulent market conditions and turn adversities into opportunities. But for most, this does not come easy. The problem is that most businesses still treat GRC as separate activities. This cannot be.

A holistic GRC initiative means deploying a single, unified set of integrated applications that go beyond compliance to proactively monitor, identify and manage risks. These applications should operate using a single, shared-data repository providing greater visibility across the organization and automating manual tasks, breaking down silos and effectively simplifying processes to aggregate risks and lower costs.

This approach also entails incorporating GRC management into all core business processes — all GRC applications must be embedded in day-to-day activities, and ensuring information and process consistency across the organization.

Doing so makes it easy to compile data for a comprehensive perspective on overall risk exposure, monitor risk and compliance, and modify business processes to respond actively to new opportunities and regulatory mandates.

An agile GRC program is like a well-oiled machine with multiple different parts working together in harmony. The idea is to aggregate and harmonize different perspectives on risk across various functions, be it quality, IT, or the business.

The other aspect of harmonization lies in ensuring that as internal and external environments change, GRC functions, processes, and systems also evolve – but in a well-coordinated and carefully thought-out manner.

There’s no point in investing millions of dollars in short-lived or “solve for now” GRC programs which only result in multiple silos and disparate processes. A better approach would be to integrate and harmonize GRC initiatives, not with a “big bang” or a “rip and replace” approach but in a phased manner.

Creating a solid, agile foundation of data and process frameworks is the starting point of a sustainable, future-ready, and agile GRC program.

According to Ernst & Young, the Agile GRC approach is built on a framework of four components:

• Purpose-led risk — making risk meaningful: the purpose-led risk approach aligns the cadence of strategic and business functions with the velocity of risk and opportunities to provide timely information and forecasting on key business drivers and values beyond the financial impact.

• Adaptive governance — governing performance and risk: the future of corporate steering and risk governance is based on an integrated and adaptive approach of performance and risk management that is enabled through transparency, agile collaboration and business-centric elevation.

• Optimized process — managing compliance in a smarter way: this includes making sure that regulatory changes and risk recognition are implemented in days rather than in months; securing the integrity of the organization and its people; and governing risk-based steering using holistic control optimization to enable trust and secure relationships in a performance-based manner.

• Digitally infused — turning data into multispeed action: excellence through transparency is rooted in a GRC approach based on digitalized and intelligent applications and services. Using technologies such as blockchain and machine learning is just the first glimpse into the future of intelligent risk and compliance solutions.

Characteristics of an agile GRC program is depicted in the diagram below. This ensures adaptability, cost effectiveness, improved business performance and integrity, scalability, continuous collaboration, efficient processes, and timely forward-looking intelligence.

Charles Darwin once said, “It is not the strongest or the most intelligent who will survive but those who can best manage change.” And it was Peter Drucker who also said that “The greatest danger in times of turbulence is not the turbulence – it is to act with yesterday’s logic.” These statements apply as much to GRC as it does to anything else.

The more agile a GRC program, the stronger and more responsive an organization becomes to the changes occurring around them. And the faster they can respond to change, the faster they can move ahead of the competition.