If you’ve read any business publications, watched any interviews with prominent business people, or looked into new company-wide software systems, then you’ve probably come across the term GRC.
GRC means Governance, Risk and Compliance, and can be defined as:
Governance – Providing the structure, direction, management and resources the business needs to achieve its goals
Risk – Establishing the risks the business is willing to take, and identifying, monitoring and mitigating these risks
Compliance – Ensuring that the legal and regulatory obligations of the business are met, whilst standing out from competitors
Governance comes from the top
The directors and others involved in running the business need to determine many things, such as:
- Determining the direction of the business
- Identifying the types of risks the business is willing to take
- Deciding what ‘good’ looks like
Getting everyone on board, and involving everyone from the top down, ensures that every department and employee knows what the aims of the business are, and how the business intends to meet its goals.
Establishing a framework
Once the direction, objectives and goals have been determined, the next step is likely to be establishing a framework.
This will set out things like:
- The acceptable behaviour of employees in terms of business
  - Get the sale at any cost?
  - Customer service is key?
  - Innovation?
  - Attract new customers or maintain existing customers?
  - Quality or quantity?
- Business culture
- KPIs
- Rewards
Having this structure in place will ensure everybody knows what is expected, and how the company will grow.
Risk
Dealing with problems as they occur
Dealing with problems as they occur, or ‘fire-fighting’, is expensive and time-consuming.
Because time, money and other resources are spent dealing with the problem, there is often less focus on running the business, meaning that other issues may occur, and perhaps go unnoticed.
This approach often doesn’t establish the root cause of the problem, determine how it happened, or make sure that it can’t happen again.
Companies don’t survive serious problems
Many companies don’t survive serious problems, whether avoidable or self-inflicted. From
Serious problems can include:
- Fire or flooding in the workplace – can’t get in the building for several days
- Underinsured – insurance claim doesn’t pay out the true cost of the loss incurred
- Business continuity issues – insurance has paid out but can’t get a new building or machinery quickly
- Data breach – client data compromised by hackers
- Losing main supplier or customer – can no longer get supplies or sell products or services
How would your business cope with these situations if they happened right now?
Avoiding risks
Some risks can be avoided, some can be mitigated and others can’t be helped.
Knowing the right approach to these, and enabling the business to continue trading, is essential.
Maybe your:
- Employees can work remotely
- Data is kept off site
- Customer base means no single customer is significantly more valuable to you than others
- Business bank accounts can be accessed and funds transferred remotely
- IT Dept could source new computers and other hardware to have everything up and running again the same day
Compliance
In some companies, compliance may be left to a single department, rather than managed by the company as a whole.
Perhaps in your company it’s Legal’s responsibility to deal with that side of things.
Maybe individual employees don’t:
- Ensure that they’re aware of the rules and regulations
- Know whether their working processes adhere to them
- Understand the implications of non-compliance
Conclusion
Small companies may not have the in-house expertise to make all the decisions, and nobody is expected to be a Jack of all trades.
Just because someone has a great idea, or is good at explaining the virtues of a product or service, doesn’t mean they are also great with the accounts or know relevant laws inside out.
Companies that need the most help with their GRC are often the most reluctant to ask experts and seek external help.
Perhaps they see asking for help as a weakness, or think employees will see it as a sign that management can’t manage properly, or that it’s an admission that certain departments aren’t doing their job properly.
No matter what size your company is, or your services or target market, your GRC can be improved.
Why not see how we can help you?
Call us on 020 7399 4980, or fill in our online contact form.





