We often focus on “Governance” when trying to drive end-to-end business performance, process change or transformation. There is particular emphasis when we are working on transversal, cross-organizational process issues that cut across the “silos” of the business.
Of course, business performance has two perspectives, managing opportunity and managing risk. “Governance” is a big topic in the context of managing risk, designing and implementing policies and controls and ensuring compliance. This has spawned a couple of acronyms, GRC (Governance, Risk Management & Compliance) and IRM (Integrated Risk Management).
The word “Governance” is used in many contexts without clarity on what we mean. If we are not clear, we end up adding to confusion, limiting progress and creating barriers to simplicity.
Simplicity is, as we know, the “ultimate sophistication” and is one critical enabler for business performance, effective change and digital transformation.
How do we ensure we create simplicity as an outcome in any process improvement and what does “Governance” have to do with it?
Governance is sometimes defined as “the exercise of authority to control and direct the making and administration of policy“.
But does definition that actually help us in today’s world?
Maybe a better definition of “Governance” is “the structure and processes for decision making, accountability, control and behavior“.
GRC and IRM should both focus on the outcomes of effective risk (and performance) management, and therefore the critical components of “structure and processes for decision making, accountability, control and behavior“ on the journey.
OCEG (Open Compliance and Ethics Group) define GRC as “the capability, or integrated collection of capabilities, that enables an organization to reliably achieve objectives, address uncertainty, and act with integrity; including the governance, assurance and management of performance, risk, and compliance.”
The thoughts and insights of Norman Marks got me thinking about this again. You can read his 4 minute post on “GRC Confusion” here .. .
He is always worth a read if you want to get your brain’s synapses firing on the topic of risk management . . . .