Unpacking GRC

Good governance is the product of strong Governance, Risk and Compliance (GRC) management. So setting them out to have a relationship of equivalence is misleading. GRC, therefore, is something of a tautology: governance comprises risk and compliance; it does not complement them.

Governance is not management either. Rather, it sets the space for management. It defines the behavior of an organization. Or, put differently, governance refers to the structures, processes, rules and entrenched values through which the decision-making power that determines actions is exercised.

Governance can be seen as a container that holds, and serves as a boundary to, its contents – the company’s strategy. There is a growing emphasis on governance. It was determined in King IV that the board should be responsible for the governance of risk – setting the appetite and tolerance within which decisions around risk can be taken.

Governance for Accountability

In any organization, accountability moves upward and responsibility moves downward. Getting them aligned is good governance. A key factor in successfully effecting strategy is the inculcation of a culture that encourages employees to behave in a way that is synchronous with what is deemed permissible.

With this in mind, performance management can never be neglected as a discipline within GRC. Traditionally, there is a strong focus on areas that have a direct risk and compliance impact, such as Health, Safety and Environmental Management, or Enterprise Risk Management. However, there is often poor visibility over how closely aligned employees’ behavior is to the company’s codes of governance. Ideally, this should be measured and reviewed through Key Performance Indicators that are based on the company’s defined value system.

Broadly speaking, GRC is a set of disciplines that are essential for a business to run in a sustainable way. Sir Adrian Cadbury’s definition of corporate governance goes to the heart of this: “Corporate governance is concerned with holding the balance between economic and social goals and between individual and communal goals.

GRC and ERP

“The corporate governance framework is there to encourage the efficient use of resources and equally to require accountability for the stewardship of those resources. The aim is to align as nearly as possible the interests of individuals, corporations, and society.”

Increasingly, we are seeing the usage of the term ESG (Environmental, Social, and Governance), as the need to balance the way a business behaves with the impact on society and the environment around it becomes more important. Also more prevalent these days is eGRC, a term which echoes ERP in referring to an integrated solution across an enterprise, as the need for efficiency and real-time reporting drives companies to replace myriad point systems with an integrated solution.

But what these systems are called is not all that important. What is important is how we can use the thinking and processes inherent in these disciplines to ensure businesses run in a more sustainable manner.