Governance, Risk and Compliance

Rasmussen’s Strategic Pillars of GRC: Agility, Resiliency, Integrity

Posted September 20, 2022 by Michael Rasmussen

The physicist Fritjof Capra stated:

“The more we study the major problems of our time, the more we come to realize that they cannot be understood in isolation. They are systemic problems, which means that they are interconnected and interdependent.”

Capra was making the point that ecosystems are complex, interdependent, and require a holistic, contextual awareness of the intricacy of their interconnectedness as an integrated whole rather than a dissociated collection of systems and parts. Change in one area has cascading effects on other areas and, in all likelihood, the entire ecosystem. A small event can develop into what ends up being a significant issue. This understanding can be applied to your GRC strategy roadmap as well.

Gone are the years of simplicity in business operations. Exponential growth and change in risks, regulations, globalization, distributed operations, competitive velocity, technology, and business data encumber organizations of all sizes. Keeping business strategy, performance, uncertainty, complexity, and change in sync is a significant challenge for boards and executives, as well as management professionals throughout all levels of the business.

The interconnectedness of objectives, risks, resiliency, and integrity requires 360° contextual awareness of integrated governance, risk management, and compliance (GRC). Organizations need to see the intricate relationships of objectives, risks, obligations, commitments, and controls across the enterprise. This requires complete visibility and intelligence of risk in the context of objectives. The complexity of business – combined with the intricacy and interconnectedness of risk and objectives – necessitates that the organization implement an integrated governance, risk management, and compliance management strategy.

This interconnectedness of business is driving demand for 360° contextual awareness in the organization’s GRC processes to achieve objectives reliably, address uncertainty, and act with integrity. Organizations must see the intricate intersection of objectives, risks, and boundaries across the business. Gone are the years of simplicity in operations. Exponential growth and change in risks, regulations, globalization, distributed operations, competitive velocity, technology, and business data impede the ability of the business to be agile in times of uncertainty.

The elements of distributed, dynamic, and disrupted business are driving significant changes in GRC strategies in organizations. In addressing governance, risk management, and compliance, GRC 20/20 is observing three strategic pillars of Agile GRC that organizations are focusing on:

  • Agility. Organizations need to be agile. Agility is the ability of an organization to move quickly and easily; the ability to think and understand quickly. Good GRC management will clearly understand the organization’s objectives, performance goals, and strategy and continuously monitor the environment for 360° situational awareness, so the organization can respond with agility to what is developing and coming at it on the horizon. The aim is to see both opportunities and threats so the organization can think and understand quickly and be prepared to navigate and seize opportunities while avoiding threats/exposures to the organization and its objectives.
  • Resiliency. Firms globally and across industries are focusing on resiliency: how quickly can your organization rebound from a risk exposure or event? The organization must maintain operations amid uncertainty and change, which is becoming a key regulatory requirement in some sectors. This requires a holistic view of the organization’s objectives and performance in the context of uncertainty and risk. Organizations are striving for business and operational resiliency that requires an integration and symbiotic interaction of risk management and business continuity. The organization needs full situational awareness of the interconnected risk environment that impacts it.
  • Integrity. Organizations are re-evaluating their internal core values, ethics, and standards of conduct, and how these extend and are enforced across the organization, particularly in an ESG context. The integrity of the organization is a front-and-center concern. Organizations see the need to define and live their corporate values in the business, its transactions, with clients, and in third-party relationships.

Successful GRC management in the context of agility, resilience, and integrity requires the organization to provide an integrated process, information, and technology architecture that automates this. Technology enables the ability to identify, analyze, manage, and monitor GRC while capturing changes in the organization’s risk profile from internal and external events as they occur.

Choosing the right software solution builds your modern GRC culture in two directions: a top-down view of risk linked to objectives, led by the executives and the board, and bottom-up operational risk participation, where business functions at all levels identify and monitor uncertainty and the impact on objectives. This enables GRC management to be a seamless part of governance and operations. While that may sound like hard work – and it is – organizations that get a good grip on their GRC initiatives have a much better chance of thriving in today’s complex business world.
