What is governance, risk and compliance? What is a risk? These words pertain to a variety of issues ranging from uncertainty (whether something will happen) to likelihood (how likely something is to occur). Good governance aims at minimising risks and improving efficiency by improving decision making, monitoring and controlling the outcomes. The integrated collection of capabilities that enable an organisation to reliably achieve objectives, address uncertainty and reduce risk covers all three of these aspects.
Consider the amount of “wear and tear” on organisational systems over time
Organisations have a certain amount of “wear and tear” on their systems over time. This wear and tear can take a number of forms, including staff turnover, workload rotation, consolidation, integration, and of course, updating or adding new technology. If these systems are not well maintained, errors, delays, or gaps can lead to law or policy violations or even litigation. Therefore, organisations need to address these issues as part of a comprehensive governance program covering all three aspects of risk management, which are what governance, risk and compliance is, what risk management is, what is siloed, and what is dedicated.
Siloed controls refer to those systems that are separately managed by different departments or personnel within an organisation. For instance, the human resources department may be responsible for managing the personnel requirements, payroll, training, benefits, recruiting and hiring process. The finance department may be in charge of managing the financial obligations, financing, purchasing, inventory, etc. In this manner, siloed systems are less inclusive and flexible when it comes to governance, risk and compliance, as each department would need to individually assess its own needs and meet these requirements in accordance with its particular processes.
Know the set of policies and procedures that apply to your organisation
What is governance, risk and compliance then? It is a set of policies and procedures that apply to every aspect of an organisation that must be reviewed and analysed to ensure that these policies and procedures do not unintentionally become policies and procedures that are legally binding for the organisation. For instance, when the human resources department undertakes a recruitment process, they will need to look at the employment equity procedures and employment contracts. They will need to look at the turnover rates and the various other factors that can affect the company’s ability to fill positions and retain employees. Therefore, the human resources team should review and analyse all of these policies and procedures and make them as consistent as possible with business necessity and organisational mission.
There are many aspects to consider as there are many executives who are ultimately responsible for the policies and procedures governing the company. What is compliance, for example, if the head of the human resources department, the CFO, or the CIO does not oversee the implementation and effectiveness of these policies and procedures? Does the executive who is ultimately responsible for the policies and procedures always sit down with the other stakeholders and review these policies and procedures? Does the CEO make the decision to implement governance, risk, and compliance policies and procedures?
Integrate your approach with your business goals and good governance
There are many benefits to an integrated approach to business goals and objectives and to good governance. One of the major benefits is cost reduction and compliance enhancements. You can reduce the risk that comes from the selection of the best-suited individuals to serve on key committee areas, such as those that manage risk, governance, and compliance and those that drive business results. Also, you can eliminate the cost that comes from duplication and mismanagement of processes and activities, as well as avoid the costs that come from compliance failures. You can also get major cost savings by focusing your efforts on bringing in the best talent and brightest minds available instead of focusing your energies on training, supervision, and maintaining the best in management trainees. You can visit clariba.com/governance-risk-and-compliance for more information regarding governance, risk, and compliance.
Finally, you need to look at the holistic health of the organisation. What is the overall health of the business goals and objectives? Are people, systems, and processes functioning as they should? Do the relationships among people and departments remain strong enough to withstand risks and the changes that may result?