The Management of Governance, Risk and Compliance – it’s a Choice

 

For organisations, and their leaders, there are four words that become almost elemental; management, governance, risk, and compliance. They herald meetings that can either be perfunctory in nature or talk to the fundamental future of the organisation.

Any close analysis of the conditions that gave rise to the Global Financial Crisis in 2008 will point to a series of failures in all four areas of these disciplines. In more recent times, in Ireland, we have seen a significant societal trust being undermined by well-known and even state sponsored agencies adopting less than effective governance models, by choice, and permitted to do so through lack of monitoring and transparency.

Never before has there been a greater general awareness of the need for robust, common sense governance models applied by suitably qualified professionals who understand the risks and opportunities that must be managed in order to achieve the strategic objectives of a business or organisation. There is a need to learn from past mistakes. Otherwise, as amnesiacs, we tend to forget everything and are bound to repeat past errors.

Governing the fabric of your organisation

So, where and how do you start? Let’s start with Governance. Remarkably, it is often the case that a definition of governance could vary across a range of people. The OECD is an often quoted reference point. The 2004 definition points to a structure of controls that allows a business to manage itself in delivering its strategic objective for its stakeholders.

‘Corporate governance involves a set of relationships between a company’s management, its board, its shareholders and other stakeholders. Corporate governance also provides the structure through which the objectives of the company are set, and the means of attaining those objectives and monitoring performance are determined.’ (OECD, 2015.)

I would offer a slightly different definition. Governance is the fabric through which an organisation integrates its business objectives with key controls filters that include risk management, compliance awareness, product development, HR, financial and capital management and fit for purpose reporting that facilitates sound business decisions. The fabric also ensures that the culture, values and ethical aspects of an organisation are strategically embedded in the business model. It’s a choice.

It is worth reminding ourselves that even today 2019, the 21st century, so much of our business and organisations engagements are with human beings. The DNA factor of culture in all organisations can be assessed through its corporate culture. It is important to understand what that culture is and be sure that it is an asset to the business and not a liability. It’s a choice.

Risk acts as a compass

In considering Risk. Quite simply, in terms of a board of directors, if you don’t understand the risks within your business, how is it possible to exercise strategic or operational control or direction?

An in-depth understanding of the ‘risk universe’ in an organisation is a critical source of data towards better decision making. It is also important to recognise that risk management can also be a facilitator of business opportunity and securing added value to the business. It’s a choice.

Another interesting thing about risk, it works best when everyone within an organisation knows what the business appetite and tolerance for risk is, it’s everyone’s responsibility. It’s a choice.

 

Compliance as opportunity

Compliance is often considered, particularly by more entrepreneurial parts of a business, as a restrictive control. This perception of compliance needs to be challenged. In a very narrow assessment, compliance can point to ensuring that regulatory and legislative commitments are met.

In a broader scope, compliance can be used to look internally within an organisation. The opportunity to assess if the business targets for operational and strategic developments have been met, is a key control.

Also, in the same space, a critical assessment of targets and standards set for diversity, inclusion, equality, climate risk and CSR, are vital and emerging aspects to all businesses. Are we in compliance with the internal targets set to make the business a differentiated and profitable proposition to both internal and external stakeholders? It’s a choice.

Managing the narrative

We are probably too used to the phrase ‘tone from the top’. It is often applied to emphasise the influence of the board of directors on the operational and strategic running of an organisation. What is often less well understood is that without a reciprocal ‘echo from the bottom’ there is probably no real value in lofty statements of intent, however well intended, from the leaders of the business. The case for Management connecting the two elemental levels is a fundamental enabler to a business meeting its stakeholders’ expectations.

The key to optimising a considered business model must ensure that management, governance , risk and compliance do not function in operational silos. The real ‘secret sauce’ of operational efficiency is in insuring that GRC awareness informs every level in a business The integration of these disciplines offers greater added value and a more robust, flexible and sustainable business model. It’s a choice.

Why would we not choose this?

 

Noel Forde is Programme Director for IMI’s Professional Diploma in the Management of Governance, Risk and Compliance. For information on all IMI programmes, including those running directly in Cork this autumn, go to www.imi.ie/imi-diplomas/diploma-in-the-management-of-compliance