Business Daily Media

How to build a successful governance, risk management and compliance strategy

  • Written by Simon Berglund, Senior Vice President & General Manager APAC, Diligent

Today’s governance, risk, and compliance (GRC) challenges for both public and private board members and CxOs are becoming increasingly intertwined and complex. From new data management and security regulations for critical infrastructure providers, to upcoming artificial intelligence (AI) regulations that are likely to impact multiple industries, there are many changes to the legal requirements and customer expectations of private and public sector organisations. For organisations that overlook these requirements, the financial, legal and customer loyalty costs can be dire.  


Yet GRC continues to be siloed and undervalued. A recent audit of NSW public sector agencies found 268 control deficiencies and 12 high-risk findings that could affect the agencies' ability to achieve their objectives. Furthermore, nearly two-thirds of organisations do not believe their board has a sufficient understanding of current data governance challenges, and more than half of organisations do not have a data governance framework at all.


More businesses are being called out for GRC-related issues, including mismanaged cyber security breaches, ethical conflicts mishandled by staff, and anti-competitive behaviour or services that were deemed unfair to the consumer. As these stories continue to make headlines, regulators’ and consumers’ sympathy for enterprises is dwindling, and there will be little forgiveness for organisations that should have known better. 


Having a GRC strategy that is effective and can be efficiently actioned by both executives and the board starts with getting the fundamentals right.


What is GRC and why does it matter?


According to the Open Compliance and Ethics Group (OCEG), GRC is "the integrated collection of capabilities that enable an organisation to achieve Principled Performance." In practice, it is the set of capabilities that lets an organisation stay operationally resilient and meet its commercial objectives while remaining legally compliant and ethically aware.


GRC is the conduit that enables organisations to operate ethically, minimise risks, and comply with laws and regulations, ultimately safeguarding their reputation, fostering trust with stakeholders, and supporting sustainable business growth. By integrating effective GRC practices, businesses are better equipped to enhance transparency, accountability, and resilience in the face of evolving regulatory landscapes and emerging threats.


Without executing against a clear GRC strategy, organisations risk operating without proper oversight and accountability, which can lead to misconduct and systemic vulnerabilities. There would be no expectation or requirement for people to work ethically, to consider the consequences of their actions, or to plan ahead in ways that protect their staff, customers or partners.


The shortcomings of a siloed approach to GRC


GRC must be integrated into the way organisations operate every day, ensuring leadership and the board are aware of risks or issues as they happen. 


Organisations – private or public, for-profit or not-for-profit – need to be nimble, responsive, and efficient. It is no longer enough for executives to learn of a governance or compliance issue months after it has arisen, and start forming a solution, only to have that issue in the news or caught by regulators before the solution can be implemented. Similarly, organisations cannot afford to be distracted by individual emergencies as they arise without a bird’s eye view of how each issue is related or how solutions could be developed to address multiple or future issues concurrently. 


The bottom line is that the current siloed approaches to GRC will cost an organisation, perhaps dearly. Instead, organisations need to establish set processes, investments, and resources that work across the organisation. 


Adopting an integrated approach to GRC


A successful GRC strategy will be:

Comprehensive: Executives and board members should be able to understand what is happening and why, and how to ensure issues are resolved by the right teams with tangible outcomes.

Consistent: Analysts and business leaders need to be able to compare risks, threats, measurements, and methods in a consistent manner throughout the organisation. This allows them to extract curated insights and surface the ones that matter to the board, for example through integration with a board management portal.

Coordinated: Effective collaboration and information sharing across an organisation lets departments learn from each other and mitigate or address risks that may be affecting multiple parts of the organisation at once.


Lastly, a set-and-forget approach to GRC is not enough. Organisations and the environments in which they operate are constantly changing. GRC strategies need to factor in a long-term approach that can be scaled, as well as the flexibility to adapt when an organisation's needs shift over time. While it is impossible to eliminate all risk from a business, there are simple steps and technology solutions that organisations can adopt today to close foreseeable gaps and operate within acceptable risk tolerances.


