The GRC Red Flags Series: Putting the G in GRC – the Role of the Board in GRC
Gone are the years of simplicity in business operations. Exponential growth and changes in risks, regulations, globalization, distributed operations, competitive velocity, technology, and business data encumber organizations of all sizes. Keeping business strategy, performance, uncertainty, complexity, and change in sync is a significant challenge for boards and executives, as well as management professionals throughout all levels of the business. GRC (governance, risk management, and compliance) by definition starts with the G for governance. Because of the board’s role in corporate governance, one would think that GRC is a board-driven strategy and initiative. However, the opposite is most often the case. It is the R for risk management and the C for compliance that drive most GRC initiatives – and these fail to engage the senior executives and the board, who ultimately have fiduciary obligations for all aspects of GRC.
The challenge is that gRC – lower-case G intended to demonstrate a point – too often is buried in the depths of departments and approached from a compliance or audit angle, and not as an integrated discipline of decision-making that has a symbiotic relationship with performance and strategy starting at the top of the organization, the board. Organizations need to understand how to monitor risk-taking in the context of governance and objectives, measure whether the associated risks taken are the right risks to achieve objectives, and review whether risks are effectively managed.
In this month’s episode of the GRC Red Flags Series, we focus on putting the G in GRC. The key takeaway of this episode is how focusing on the G of Governance in GRC enables the organization to be:
More aware: Leaders have a finger on the pulse of the business and watch for changes in the internal and external environments that introduce risk to objectives. Key to this is the ability to turn data into information that can be, and is, analyzed and shareable in every relevant direction.
More aligned: They align performance, risk management, and compliance to support and inform business objectives. This requires continuously aligning objectives and operations of the integrated GRC capability to those of the entity, and to give strategic consideration to information from the GRC management capability to affect appropriate change.
More responsive: Organizations cannot react to something they do not sense. Mature GRC management is focused on gaining greater awareness and understanding of information that drives decisions and actions and improves transparency, while also quickly cutting through the morass of data to uncover what an organization needs to know to make the right decisions.
More agile: Stakeholders and the board require the organization to be more than fast; they require it to be nimble. Being fast isn’t helpful if the organization is headed in the wrong direction. GRC enables decisions and actions that are quick, coordinated, and well-thought-out. Agility allows an entity to use GRC to its advantage, grasp strategic opportunities, and be confident in its ability to stay on course.
More resilient: The best-laid plans of mice and men fail. Organizations need to be able to bounce back quickly from changes in context and risks with limited business impact. They need sufficient tolerances to allow for some missteps and have the confidence necessary to adapt and respond to opportunities rapidly.
Meet Our Panel:
Megan Belcher, VP and General Counsel, Scoular
Megan is a business function and law department leader, seasoned compliance and regulatory professional, experienced litigator, and internal and external comms expert. She is known for being a strategic business partner with a results-oriented focus, while leading with integrity and imagination. Megan leads The Scoular Company’s Legal team, as well as its Brand Marketing & Communications teams.
Gail Lione, Director, Sargento and Badger Meter
Gail is a senior counsel at Dentons, where she draws upon her experience as a former general counsel and as an active board member to advise executive leadership and boards of public and private companies about governance, risk management, intellectual property and environmental, sustainability and governance (ESG) issues. She also serves as a Fellow of the ESG Center of the Conference Board and is an intellectual property professor at Georgetown University.
Brian Stafford, CEO, Diligent
Brian is CEO of Diligent, the world’s largest GRC SaaS provider with more than $500M in revenue. Nearly 1 million users from 23,000 organizations in 90+ countries rely on Diligent to create impact for all stakeholders through modern governance, risk, and compliance. Brian is also a board member at Brooklyn Academy of Music, former head of the McKinsey SaaS practice, and author of ‘Governance in the Digital Age.’
Maryann Waryjas, Former ERM Chair, Herc Rentals
Maryann Waryjas is a corporate board director and C-suite leader recognized for her ESG focus and years of boardroom experience. She has an outstanding track record on strategy creation, effective execution, empowering teams and delivering growth. Her broad-based experience helps companies identify opportunities, assess risks and pull the most impactful levers to optimize results.
Our host Michael Rasmussen
Michael Rasmussen is an internationally recognized pundit on governance, risk management, and compliance (GRC) – with specific expertise on the topics of GRC strategy, process, information, and technology architectures and solutions. With 27+ years of experience, Michael helps organizations improve GRC processes, design and implement GRC architectures and select solutions that are effective, efficient, and agile. He is a sought-after keynote speaker, author, and advisor and is noted as the “Father of GRC” – being the first to define and model the GRC market in February 2002 while at Forrester Research, Inc.
Diligent is the world’s largest GRC SaaS provider, serving nearly 1 million users from 23,000 organizations around the world. Our software enables holistic and informed conversations about governance, risk and compliance and ensures CEOs, CFOs and the board have an integrated view of audit, risk, information security, ethics and compliance from across the organization. Our world-changing idea is to bring technology, insights and confidence to leaders so they can build more effective, equitable, and successful organizations – and create lasting, positive impact on the world. We seek to empower organizations to be better for their stakeholders and communities, for their customers and employees, for their bottom line. Headquartered in New York, Diligent also has offices in Washington D.C., London, Galway, Budapest, Vancouver, Bengaluru, Munich, and Sydney.