The threefold disciplines of governance, risk management, and compliance—GRC—represent a convergence of corporate responsibilities that bodes well organizations. Why? Because these formally disparate and siloed fields are finally coming together, especially as astute executives bring higher levels of oversight to them—from the board room to the individual employee. And in the process, organizations are becoming smarter, safer, more efficient, and more profitable.
While originally driven by Sarbanes-Oxley, as organizations worked the GRC requirements into their cultures, many discovered that the initiatives actually added business value, resulting in improved operations, better decision making, and more effective planning. Business processes that were formally disjointed, marked by organizational apathy, or misaligned with corporate objectives became measurably enhanced; wasteful redundancies were eliminated, and gaps were exposed and bridged. Ultimately, though, it seems there are two kinds of organizational cultures in the world: those that view things like GRC as a burden—and consequently are more likely to fail—and those that embrace them as opportunities to improve everything they do, becoming better and more profitable organizations as a result.
We’ll focus on the latter here, and invite you to examine the strategies of the companies who are winning through good GRC practices. If you’re ready to go for it, here’s a six-step process that will get you there.