Have you ever heard of the Winchester Mystery House in San Jose, California? It’s a sprawling mansion that was built in the 1800s at a cost of $5.5 million (calculate inflation, and that is one very expensive house today). It had 147 builders who built it over 38 years with no blueprint, no design, and no architect. As you might imagine, it’s a confusing maze of construction.
The story of this house reminds me of GRC and GRC processes in many organizations, perhaps yours. The components of GRC – governance, risk management, and compliance – are in every organization. My position is that while every organization does GRC, their approaches and results vary. Some take ad hoc, fly-by-the-seat-of-our-pants approaches. But GRC done right delivers the capability to reliably achieve objectives [GOVERNANCE], address uncertainty [RISK MANAGEMENT], and act with integrity [COMPLIANCE].
The Winchester Mystery House analogy is how GRC looks in many organizations. You may have shadow GRC processes that spring up all over the organization in the bowels of operations that lack . . .
[THE REST OF THIS ARTICLE CAN BE FOUND ON THE RESOLVER BLOG WHERE GRC 20/20’S MICHAEL RASMUSSEN IS A GUEST AUTHOR]