Recently I had the privilege of participating in something very rare: a GRC project kickoff meeting that involved both the CEO and the COO. While the organization was admittedly a smaller company than those I’ve dealt with in the past, the sheer presence of the company’s key decision makers spoke volumes about the team’s resolve to implement a scalable GRC program. The mood in the room was clear: all areas of the organization were ready to come together and build a plan that was best for all parties, whether it be IT, Risk or Compliance. It was said multiple times: “We want to follow the best practices so we all can be successful.” Small or not, this organization had already accomplished the often overlooked, but vastly important other “C” of GRC – cooperation.
C-Level involvement may not be an option for your situation, but lacking that visibility still doesn’t excuse you from focusing on the importance of cooperation. Whether you are a GRC champion, process owner or stakeholder, your program will only be successful and have lasting impact if the right people are cooperating with one another.
Building Bridges Makes for a Smoother Journey
Having an office where all stakeholders work on the same floor likely made cooperating at my recent engagement much easier; it was clear all the people involved knew each other on a first-name basis. This is probably a luxury most of you do not enjoy. To help illustrate ways to enhance the cooperation within your GRC program, here are some tips I’ve accumulated throughout my experiences:
- There Is No ‘I’ in GRC
If you’re new to GRC, be sure to invest time preparing the organization for what’s about to happen. Your colleagues across the hall or in the building down the street are not your adversaries; you’re all on the same team. Create a clear definition of GRC success that speaks to the company as a whole – not just your individual business unit. Strive to find measurable ways to show how each diverse group contributes to your key GRC initiatives. When staff members know the ultimate goal and can see how their piece of the puzzle fits in to the overall plan, there will likely be greater buy-in to the program. In addition, by clearly showcasing how other teams offer value to your GRC program, you can reduce much of the pushback and infighting that happens when a concession must be made to another group. Your team will see how that change in thinking – while not immediately useful to them – benefits the greater goals of the company.
- You Have to Give Up to Go Up
Many GRC implementations begin by solving a specific problem – such as managing vendors or getting a handle on IT policies. Once success is experienced, other business units may start clamoring to be a part of the new approach/system. For the group that was first to the table for process automation, this often means letting go of the autonomy they currently enjoy. When different groups are leveraging the same technology, changes once made simply by having consensus in the daily team meeting must now be run through a cross-functional meeting – involving multiple teams that may not typically interact. Be sure the key players understand the benefits of communicating and discussing changes and their impacts on all parties involved. Remind any reluctant sharers that they would not want to log in one day and see sweeping changes to the system executed with no notice. Treat these new system users with the same courtesy that you’d show your own team.
- Go to the Mountain; It’s Not Coming to You
If other impacted areas don’t seek you out after an initial implementation, remember that communication goes both ways. Don’t assume that people are avoiding you and your GRC dreams. It’s likely other groups are just far too consumed with their day-to-day work and haven’t had time to consider or learn about your accomplishments. If you want GRC to succeed, you need to be willing to schedule the first meeting, pick up the phone and make the first of many phone calls or simply cross the office and knock on the door. Most of the time, people will be glad you took the time to share the potential benefits a coordinated approach can offer.
- You Don’t Always Get What You Want
When multiple, diverse stakeholders share the same technology no single party can have all of their wishes met. It is key that all parties understand that there must be compromise to achieve the best outcome for all. If all groups approach their GRC decisions with an open mind, the value of your implementation can be realized quite rapidly. Cross-functional conversations with colleagues can now focus on the unique and innovative steps they’ve taken to optimize their work and how they might benefit you. Remember that choices that solely benefit one piece of the organization are usually not the best fit.
GRC Wasn’t Built in a Day
No one said this was going to be easy. Every office culture is unique and many cultures may initially be reluctant to share anything, let alone a common technology platform. Organizations can save considerable resources by sharing GRC platforms – both in the cost of the systems themselves and the ease of educating employees on processes that are housed in the same tool. In addition, having GRC data in one place offers considerable value and provides insights into how your key processes relate, which is one of the ultimate goals of GRC. Though there may be challenges and change may move a little slower, ultimately having these conversations and laying the foundation for ongoing cooperation is in the best interests of the business.
–Jonathan Kitchin, OrangePoint