The GRC Winchester Mystery House
Note: the following analogy focuses on the lack of design from a broad enterprise GRC perspective. The same analogy can be applied to individual aspects of GRC that have no design across departments and functions, such as risk management, compliance, third-party risk management, and more. Compliance and ethics management particularly suffer from a lack of design in their processes and technology.
Unraveling the Maze of Scattered Governance, Risk Management, and Compliance
In the heart of San Jose, California, stands the enigmatic Winchester Mystery House, a testament to architectural perplexity and confusion. While this Victorian mansion boasts a rich history and an allure for tourists, its lack of design, blueprint, and oversight during construction is eerily reminiscent of organizations grappling with the complexities of scattered Governance, Risk Management, and Compliance (GRC) silos with no design, no architect, and no blueprint for GRC. Let us delve into the labyrinth of challenges faced by entities mirroring the mystique of the Winchester Mystery House – organizations burdened by manual processes, redundancy, gaps, and a lack of integration.
The Winchester Mystery House: An Architectural Anomaly
Built in the 1800s at a staggering cost of $5.5 million, the Winchester Mystery House stands as an architectural enigma. The mansion was constructed over 38 years with the involvement of 147 different builders, and remarkably, it lacks a cohesive design, blueprint, or the guiding hand of an architect. This lack of central planning resulted in hallways leading to nowhere, doors opening to walls, staircases ending abruptly, skylights in floors instead of ceilings, and an overall sense of chaotic disarray.
Similarly, organizations plagued by fragmented and siloed GRC practices navigate a maze of challenges resembling the bewildering layout of the Winchester Mystery House. Here are key parallels between the mansion’s architectural chaos and the disorderly GRC landscape of some organizations:
- Absence of Design and Blueprint:
  - Winchester House: The absence of a coherent design or blueprint led to nonsensical features like staircases leading to the ceiling.
  - GRC Silos: Organizations lacking a unified GRC strategy often find themselves implementing disjointed processes, resulting in confusion and inefficiency.
- Scattered Governance:
  - Winchester House: Hallways and doors leading to nowhere highlight the lack of governance in its construction.
  - GRC Silos: Organizations with scattered governance experience difficulties in enforcing policies consistently across different departments and processes.
- Manual Processes and Redundancy:
  - Winchester House: The sheer size of the mansion and the multitude of builders led to manual processes, resulting in inefficiencies and redundancies.
  - GRC Silos: Manual processes, reliance on thousands of documents, spreadsheets, and emails create a convoluted GRC landscape with unnecessary redundancies.
- Siloed Solutions and Lack of Integration:
  - Winchester House: The mansion was built in sections without integration, creating a disjointed structure.
  - GRC Silos: Organizations often implement siloed GRC solutions without proper integration, leading to a lack of visibility and communication across risk, compliance, and governance functions.
- Gaps in Oversight:
  - Winchester House: The absence of an overseeing architect allowed for peculiar features like skylights in the floor.
  - GRC Silos: In organizations, gaps in oversight can result in missed compliance requirements, exposing the enterprise to unnecessary risks.
Just as the Winchester Mystery House stands as a testament to the perils of scattered construction without oversight, organizations wrestling with fragmented GRC practices face many challenges. From manual processes to siloed solutions, the parallels are striking. To overcome these challenges, organizations must invest in comprehensive GRC strategies, integrating governance, risk management, and compliance into a cohesive strategy and framework (e.g., OCEG GRC Capability Model) that is supported by well-designed processes and an integrated information and technology architecture. Only through intentional design and strategic oversight can organizations avoid the perplexing maze of scattered GRC silos, ensuring a sturdy and purposeful foundation for long-term success.