RISK MANAGEMENT HEALTH CHECK
Embrace the hidden power of governance, risk and compliance … but not in the way you think!
We live in exciting but unchartered, dangerous times. But it is vitally important for our continued survival that we learn to better manage the highly dynamic and complex interrelationships between critical areas such as governance, risk and compliance.
Many would claim our current economic climate is partly or wholly due to a significant number of corporate failures which have challenged the very foundations of the global economic system. These failings can be argued as being evidence of an ineffective approach to managing governance, risk and compliance activities. Transparency, sustainability and ethicability are words that now dominate the corporate landscape … but trust seems to have been fatally wounded. Clearly, there is much that needs to be improved about the way we run our modern organisations.
Over the last ten years or so, the acronym GRC has been used to describe an integrated approach to managing these components. During this period, the Open Compliance and Ethics Group (OCEG) has emerged as the only non-profit organisation dedicated to promoting a framework to support this. However, it is important to recognise that there are other ways of achieving a similar level of integration which should also be considered.
A coordinated approach to managing this complexity makes sound sense and in isolation, on paper, can be easily justified. However, the barriers to effective implementation are many and need to be better understood. The realities of the new world in which we all now live and work are such that we can no longer accommodate inefficiencies in our critical functions and processes.
The time has come for us to look at our organisations in a different, much more holistic, synergistic and sustainable way. An integrated approach to managing governance, risk and compliance provides us with a way of achieving this, but only if we learn from the past and provide the correct environment for our efforts to succeed.
Everything we do involves a combination of governance, risk and compliance… from the biggest undertaking to the smallest activity … in the boardroom, at the project, portfolio or programme level and everywhere else in the organisation. However, the extent to which these activities are effective depends so much on the way in which these three critical functions are integrated or more accurately, coordinated.
Last year, the Institute of Business Ethics (IBE) published very interesting research about the state of governance and ethical behaviour across the European Union. In this report there is a great graphic on page 7 that shows IBE’s view on the ethical aspects of corporate governance and provides further clarity on the pivotal, leading role it provides.
It is also important to note that achieving governance, risk and compliance nirvana does not automatically need us to deploy new systems or technology… but sometimes they are required to help provide a more robust foundation on which use appropriate facilitating tools and techniques.
So let’s start to have a look at why these areas are so important:
G – GOVERNANCE
From research conducted last year by the author, it is clear that one of the biggest barriers to the effective harmonisation of these essential organisational elements is culture. Subsequent research has suggested that specifically it is the culture of the boardroom… governance culture… which determines the extent to which harmonisation efforts can be achieved. But how do you influence governance culture to make it more receptive to harmonising governance, risk and compliance activities… the silos that traditionally constrain the extent to which organisational activities can be optimised?
There are no easy answers or solutions to this conundrum. Recently, exciting initiatives such as ethical leadership and OCEG’s Principled Performance approach may provide part of the solution for achieving this. But it is clear than none of these are quick-fix solutions and require considerable, sustainable commitment of board members to bring about the required changes.
In some circles, the G in GRC is now being replaced by P representing the importance that performance plays in bringing about the required changes in organisational behaviour. This is possibly a good move as there still seems to be some considerable confusion as to what governance really means. From the authors own real-life experience it often simply represents the various facets of corporate leadership which ultimately set the scene, the tone at the top, that the organisation has to operate within. It is for this reason that ethical leadership may provide an important part of the solution which is needed. Of particular interest in this area is the work of Roger Steare, Linda Fisher Thornton and others, who are now actively challenging the way in which our organisations are led by pushing for a more ethical driven approach.
Another interesting development is the growing recognition of something called conduct risk. This has recently received further emphasis by the publication of the UK Financial Conduct Authority’s (FCA) Risk Outlook 2013 in which consideration attention is given to discussing the drivers of conduct risk and the evolving conduct risk landscape.
R – RISK
An example of how the lack of a joined-up approach can cause problems is found in the way risk is sometimes handled. The management of risk can easily fall victim to the use of a siloed approach to running a business. There have been many recent business failures that can be directly attributed in whole or part to this siloed and disjointed approach to managing risk.
The absence of a risk-friendly appetite and culture can also create very real barriers that prevents board and other key stakeholders from seeing a complete joined-up picture of what is really happening within their organisation.
In the last couple of years there has been significant attention given to this and these related challenges of risk appetite and culture; one of the main contributors to this thought leadership debate has been the work of the Institute of Risk Management (IRM). However, producing thought leadership materials is one thing but actually implementing them is another completely different matter. It is for this reason that the author is particularly interested in how the culture … particularly, governance culture … can be influenced to enable it to be more receptive to actually successfully implementing the required fundamental changes in attitudes, behaviour and ultimately, culture.
C – COMPLIANCE
The threat of regulatory failure has created a culture in some organisations where it sometimes seems as if sight of the bigger picture has been lost. There are now even case studies available about organisations who previously held best practice, world class positions only to find that because of changes in their approach to compliance and other factors, their culture changed so significantly that they not only lost these enviable positions but also got fined by regulators for breaches in compliance; in some extreme cases, they now appear in text books as to how quickly you can lose your reputational standing if you don’t keep in touch with the bigger picture and what is really happening in your organisation!
It is so easy in the current climate to create a culture where individuals blindly follow processes and procedures at the expense of common sense. With the increasing amount of regulation and standardisation, it often seems as if individuals have lost the ability to behave ethically. The result can be an increasingly disengaged workforce that sometimes appear to mentally switch-off on arrival at work and who only really wake up again when it is time to go home!
A recent TED Talk by Yves Morieux from BCG provides a supporting and slightly controversial view as to why people feel so miserable and disengaged at work. In his view, it is because today’s businesses are increasingly and dizzyingly complex, and traditional pillars of management are obsolete! However, he proposes six key rules to encourage employees to cooperate in order to solve long-term problems. Yves believes that it isn’t just about reducing costs and increasing profit, it’s about maximising engagement through all levels of an organisation.
The increasing amount of regulation seems to be a reflection of the backward facing approach that is quite often adopted by our regulators. Unfortunately, instead of improving the situation and reducing risk, this approach sometimes creates more risk and on occasions, even encourages unethical behaviour. In response to this, there are an increasing number of people who are now suggesting we need less not more regulation and a return to a much simpler Aristotelian based approach to ethical corporate leadership.
CONNECTING THE DOTS
In trying to make sense of all of this, it can become very frustrating. From looking at real-life experiences in this area, there appears to have been much talking and even more selling but very few tangible examples currently that clearly demonstrate the business benefits of adopting such an integrated approach.
That doesn’t mean they aren’t out there, simply that they are difficult to find.
So we are clearly all on a journey, just like the members of the IRM Special Interest Group (SIG) in GRC that the author helped to launch and currently leads. In the last SIG session held on 16 January, members reflected on what has been discovered so far about this thing we call GRC and where the focus should be over the coming year. One of the key areas we have decided to look at in more detail are the value benefits of adopting this more integrated, coordinated approach, and how can these be leveraged to provide a stronger business case for securing the required commitment from key stakeholders.
Everything we do involves a combination of governance, risk and compliance… from the biggest undertaking to the smallest activity … in the boardroom, at the project, portfolio or programme level, and everywhere else in the organisation. So the time is now right for us to unleash and embrace the hidden potential of these powerful elements … but possibly in a different way to how you have been thinking about doing it previously.
READY FOR CHANGE?
Our unique ORDER™ approach is truly scalable, leveraging the terrific potential of applying this more holistic, synergistic and sustainable approach to any challenge … at whatever level it might exist within the organisation.
This is particularly evident in our REVIEW and RESCUE services where we can help you recover a project, portfolio, programme or some other form of strategic implementation initiative that is failing to deliver on expectations.
If you want to explore these or any other of our services then contact Robert J Toogood direct at email@example.com or on +44 (0)1983 617241 for a no-obligation, confidential discussion about how we can help.
Open Compliance and Ethics Group (OCEG): http://www.oceg.org
Institute of Business Ethics (IBE): https://www.ibe.org.uk
Roger Steare – Corporate Philosopher: http://www.thecorporatephilosopher.org
Linda Fisher Thornton – Leading in Context: http://leadingincontext.com
UK Financial Conduct Authority (FCA) – Risk Outlook 2013: http://www.fsa.gov.uk/static/pubs/other/fcarco.pdf
TED Talk – Yves Morieux, BCG: http://bit.ly/1cjJ1fJ
Institute of Risk Management (IRM): http://www.theirm.org/publications/PUpublications.html
IRM Special Interest Group (SIG) in GRC – Web Page: http://www.theirm.org/events/GRC_SIG.htm
IRM Special Interest Group (SIG) in GRC – Presentation from Last Session: http://www.theirm.org/events/documents/GRCSIGpresentation160114.PDF
Over the last twenty-five years, Robert has recognised the increasingly important role that governance culture plays in providing a foundation for organisational success. His recent masters research into the barriers to implementing an integrated approach to governance, risk and compliance has provided tangible evidence to support this view.
In conjunction with his ongoing consulting activities, he is now developing practical solutions to address these barriers through his part-time doctorate research activities. However, in undertaking this further research he is passionately committed to making sure his activities remain firmly on the ground and solve real-world not purely academic challenges.
© Copyright 2014. All Rights Reserved
Feb 9 2014GRC
- Business Continuity & Pandemic Planning (9)
- Business Transformation (102)
- Change Management (33)
- Compliance (24)
- Conduct Risk (8)
- GDPR (5)
- Governance (4)
- GRC (22)
- IRM GRC Special Interest Group (11)
- Mergers & Acquisitions (M&A) (13)
- News (3)
- Non-Executive Management (NEM) (1)
- Portfolio Management (8)
- Programme & Project Management (9)
- Risk Management (63)
- Solvency II (9)
- Strategy Implementation (34)
- Twitter (2)
- Uncategorized (1)