The Success of Your GRC Program; Dealing with the "Soft Stuff"

Cross-enterprise program initiatives that address the three dimensions of Governance, Risk and Compliance (GRC) are both similar and dissimilar to the many types of enterprise-wide programs that have come before. GRC programs are truly cross-enterprise in nature, because all functions and roles are involved, or should be involved, because GRC practices, policies and application software affect all employees. They may also touch suppliers, trading partners and customers. GRC programs are similar to other programs which have needed to foster major, or even massive, business change (such as when commercial firms have had to transform themselves into war-time production facilities, for instance).

To be successful, programs often need to cultivate employee mindshare, organically, as well as to achieve both program and practice adoption in a rapid way. GRC programs have these challenges. GRC programs are also similar to program initiatives which have addressed work excellence. In fact, GRC programs are work excellence programs.

Lastly, GRC program initiatives are similar to other program initiatives when there has been a need to “converge”, or integrate, new work practices into the “everyday business model” of the organization, so that the new practices become a part of everyone’s responsibilities (i.e. integrated into the job role and accountabilities) and not merely a part of a temporary project, or seen as the latest “fad du jour”. Programs which rise to this level of importance are, for example, technology-driven programs such as Enterprise Resource Planning (ERP) programs, Customer Relationship Management (CRM) programs, or international standards-based programs such ISO 9001 enterprise-wide quality initiatives. All of these have had some level of "convergence challenge" associated with them. yet, GRC programs have a significant convergence challenge and that is not often addressed during the planning process, if at all. But these aspects need to be addressed because they represent the #1 risk to the program. Human change is, without a doubt a tough nut to crack!

What sets GRC programs apart from other programs is the level of enterprise integration that is required to ensure the success of the program. “GRC convergence” connotes an unparalleled level of “enterprise integration” along with major business transformation and human change challenges. In fact, the long-term success of the GRC program is not only tied to the program itself, it is also tied to how well a company is able to compete within its industry sector. It is this long-term vision of success and its relationship to corporate survival and sustainability which are critical-success differentiators. In essence, GRC programs, unlike any other cross-enterprise programs before them are tied to the health, well-being and the sustainable competitive advantage vis a vis peer organizations which compete in the same NAICS or SIC industry segments. And it is the human challenge and convergence challenges that need to be addressed from the outset, if a company plans on being successful. As Michael Hammer, father of business re-engineering, clearly put it... "the soft stuff is the hard stuff", and the soft stuff of human change and work integration represents the major barrier to long-term success in GRC program initiatives. Thus our phrase of "new era / holistic GRC" sumbolizes a new approach to business transformation where we meet the challenges (and associated risks) head on. 

Category: GRC programs


Post new comment

The content of this field is kept private and will not be shown publicly.