pic-01

NEED EXTRA HELP?

Do you need extra expertise on an ad-hoc basis to assist with unexpected challenges and problems?

pic-03

OPERATIONAL RESILIENCE HEALTH CHECK

When did you last check that your operational resilience processes are fit for purpose?

INSIGHT BLOG

Importance of coordination in unleashing power of GRC

Importance of coordination in unleashing power of GRC: critical benefits from adopting an orchestrated approach.

 

From Robert J Toogood, Senior Partner – Chaordic Solutions:

A few weeks ago, I shared some thoughts following time spent with close colleagues from the Institute of Risk Management (IRM) GRC Special Interest Group, where we had been looking at the relationship between what is commonly referred to as GRC and ERM (Enterprise Risk Management).

We later published the results of our initial research in a discussion paper which we subsequently shared with our SIG members, and used as a catalyst for a wider discussion within the group on this important topic.

One of our members is the highly respected, evangelist … Norman Marks.  Norman is an OCEG Fellow and a Honorary Fellow of the Institute of Risk Management.  Last week we were fortunate enough to be able to discuss with Norman our paper and his personal thoughts on the relationship between GRC and ERM.

After our discussion, I summarised my understanding of what Norman had shared with us in the form of ten key messages:

1. GRC already exists in the majority of, if not all, organisations, but not necessarily in an optimised/integrated ie coordinated form;

2. Coordinated GRC is what OCEG’s Principled Performance is trying to achieve;

3. Coordinated GRC should be considered/evaluated based on what it is able to deliver … not on how it delivers it ie benefits vs features;

4. Coordinated GRC is not a technology driven-solution, it is a different way of thinking, a way of driving improved performance and this is an important way of selling it to senior management;

5. Coordinated GRC is a framework into which other industry recognised frameworks/standards can and possible should co-exist eg ISO31000 … eg the risk aspects of OCEG’s framework is not a viable alternative to IS31000 – shouldn’t view OCEG as having all the answers or the best way of looking at things;

6. Coordinated GRC is a way of optimising the way governance, risk management and compliance interact;

7. Coordinated GRC must be tailored (aka organisational design) to meet the specific needs of the target organisation … without tailoring, any attempts to implement will almost certainly fail;

8. Coordinated GRC can be compared to an orchestra (check out Norman’s previous blog post);

9. Coordinated GRC is heavily dependent for success on a healthy implementation of ERM – if ERM is not operating efficiently, then this will constrain and eventually cause an integrated GRC implementation to fail;

10. Coordinated GRC should be positioned as being all about achieving objectives more efficiently.

Last year in a blog post, Norman used the metaphor of an orchestra to describe the importance of this coordinated approach to GRC.  The following is an extract from that post:

“The solution is embodied in the new word from OCEG: “orchestration”. I have been using the word “harmony”, thinking that it would be fine if we could get the alto, soprano, and bass to sing together in harmony. Scott Mitchell of OCEG suggested that the works should be orchestrated, implying greater optimization of the combined performance.  So if we can get our silos eliminated and the violins, trumpets, drums, etc. to cooperate and coordinate (i.e., embrace GRC) we get a fine orchestra. They may have to subordinate individual performance, but the combination is outstanding.”

So there you have it, the importance of a coordinated approach to GRC.  Our research activities have now moved onto to examine the influence that Culture has on being able to adopt this coordinated approach … I will update you soon on what we discover!

PS Do YOU have any relevant views and/or experience that you would like to share?  If so, I would very much like to hear from you – please contact me initially via email at robert_toogood@chaordicsolutions.co.uk.

More … Norman Mark Blog Post: http://normanmarks.wordpress.com/2011/06/16/grc-metaphor/

IRM GRC SIG DRAFT Discussion Paper on GRC and ERM: https://www.box.net/s/m9o1zgw48efpvhfpx4ef

Nov 24 2012

GRC

Leave a Reply