The 12 Pillars of GRC Best Practice Work Disciplines

When we were asked to create a compendium of best practices for Governance, Risk and Compliance (GRC) program initiatives, we started to think about the numerous areas where companies report difficulties. Topping the list of "risks", which is the way to look at this best practice topic, is that of "human change", or to put it another way, employee adoption of new work excellence and GRC work disciplines (or good / best practices). The top risk is, quite bluntly, ensuring that all employees are fully engaged, in a very positive way, in making a GRC program a huge success. They understand that GRC work disciplines need to be folded into the "everyday work model" and so on. Blah, blah, blah, etc. That's just the top risk. The next risk is the integration of business processes and technologies with the "motivated" employee work force.

So, to step back after looking at just two of the top risks, we have come up with these 12 Pillars of GRC Best Practices, which help a company prep for the more difficult challenges. Are there only 12 disciplines? Well, no. But this offers firms a good start. Here is a cryptic list that we will be using as a foundation for a webinar series over the next couple of months. Let's make sure to spread the word across all our Members that this is a starter list and we should all bring forward ideas to append to these dozen:
1. Tailored Definition - Every firm needs to define their GRC program initiative in a way that blends with their industry and company culture. But how do you go about accomplishing this?
2. Burning Platform - Employee adoption of a GRC program is a mission-critical success factor. Yet, most companies do not understand just how important this factor is, nor do they know how to approach this task in a way that is sustainable.
3. Strategic Shareholder Value - Are you aware that the vast majority of GRC program initiatives are not tied to definitive Strategic Shareholder Value measurements? We will be telling you why you need to define these and tie them into your program.
4. GRC Configuration Management - Every company needs to have a Center-of-Excellence (COE) for Compliance Management, yet how do we achieve this if we don't understand the work disciplines that are needed? This pillar defines the 10 processes and underlying work disciplines which are known as "GRC Configuration Management". You will learn about the System-of-Record (SOR) which manages the GRC configurations as well as what a GRC configuration is.
5. Convergence Strategy - It's amazing to us that there are few companies that have a planned risk mitigation strategy to tackle human and technology change when it comes to GRC program implementations. It's even more disturbing to realize that few GRC program leaders have the strategies and tactics in place to integrate people, business processes and technologies in with the "everyday work model of the enterprise". This pillar is all about reaching for the stars and ensuring that all GRC program stakeholders understand that GRC programs are poised to either build a business or tear it down (through lack of employee focus and support). The pursuit of enterprise integration is at the heart of this challenge. We often call it GRC convergence. Learn how to overcome the challenges that many companies are choosing to ignore.
6. Business Rule Approach - Have you ever heard of "the business rule approach to compliance"? If you haven't, then you may be surprised at just how powerful this initiative can be when positioned correctly. In fact, this work discipline pillar is at the heart of the two most popular GRC buzzword terms: Continuous Controls Monitoring (CCM) and Continuous Auditing (CA).
7. Cross-enterprise Processes - When we see the potential for GRC programs to help businesses build a platform for increased business growth and more profitable business operations we realize that we need to define a bunch of cross-enterprise processes which can help us to pull together our GRC programs with a variety of work excellence practices in a way that promotes enterprise integration. But how do you get started? What processes make the best sense to focus on? This pillar covers this challenge in a way that can transform any GRC program!
8. Closed-loop Control Architecture - This is one of the all-important internal controls that many companies are not aware of, nor how they relate to driving one of the most important strategic shareholder values across an enterprise. This pillar will educate you on the tremendous value that can be achieved through industry benchmarking. In essence, it is the measurement of Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) which are at the heart of "fast learning".
9. Work Excellence - Are you aware that there is a well-defined set of work excellence work disciplines which provide an important foundation for GRC programs? This pillar will educate you on these proven disciplines and show you how they can be carefully phased into your GRC program in a way that will astound you. In fact, many companies can't believe that they did not integrate these into their GRC programs from the outset.
10. Lifecycle Methodology - Most companies understand the importance of using a project management capability as a way to manage and control a GRC program initiative. Yet, few are aware of specialized methodologies which are used to reduce the risks associated with large-scale cross-enterprise programs. The methodologies which we are referring to employ specific Work Breakdown Structures (WBS) which underpin and guide a new level of holistic and sustainable managerial perspective. Learn how to get going with these program methodologies which span a program's lifecycle from conception to execution, in perpetuity.
11. Understand the Costs - One of the starting points for any company that is considering a GRC program is to assess their current GRC-related costs in order to set a baseline of both data and understanding. By doing so, you will be able to compare historical costs with the improvement potential of a well-planned GRC program. What is astounding is that this groundwork provides some major opportunities for building a vision for your GRC program and tying the vision into a wider perspective of how to build a better platform for business growth. In essence, by defining your GRC cost structures your program team will be able to see the light regarding just how critical and important the whole notion of "GRC convergence", or "enterprise integration" will be.
12. Tie GRC Requirements and Accountabilities to Individuals - One of the most challenging aspects of a GRC program implementation is the ability to achieve rapid program adoption by the employee work force at all levels of worker and management. There are a number of ways to accomplish this and they are well-proven ways to achieve superlative results which can be sustained.
