You Get What You Pay For

GRC-MoneyPit

Choose wisely when selecting professionals for improving your home, and your GRC technology.

Home ownership has long been viewed as an iconic American ideal, right up there with mom, apple pie and baseball. A little over six years ago, we bought our home here in Kansas City. It’s a bungalow (89 years young this year) with all of the nooks, crannies, quirks, flaws and endearing qualities that you would expect from a house of its age and style, and for that we love it dearly.

As those of us who own (i.e. leverage) our homes know, while it’s a labor of love, there are moments where it feels like more labor than love.

Take our kitchen for example. When we bought this house, we described our kitchen as “adequate and serviceable.” Nearing seven-year itch territory, we decided to give our kitchen some TLC, and we chose to begin with an appliance facelift. We started by replacing the microwave and range/oven – it’s amazing what upgrading from 1982 white and brown to stainless steel can do for your psyche!

Next up was the dishwasher. Caught in a perfect storm of, “ we’ve already upgraded the other appliances” and, “wow, the dishwasher is about to break,” I dispatched my wife (a much savvier consumer than I) to the store. After what seemed like months since our purchase was completed (it was six days), delivery day arrived. As I basked in the glory the new dishwasher, one of the installers said, “Um, I’m afraid we have a problem that we’re not going to be able to resolve – you need to call a plumber to fix this.”

Gulp. There are a few phrases that immediately grab your attention like, “you need to call a plumber.” Who hasn’t felt a little sick in their stomach over that one? Given that I had a non-installed dishwasher, along with a heightened sense of anticipation for my new gadget, I immediately called my plumber. Thankfully he’s a wizard with old homes like mine and very reliable – he came to our home the next day and had addressed the issue in short order. According to our expert, the root cause of the issue was that during a previous kitchen renovation (sometime in the late ‘80s), the contractor who did the work was clearly not a professional plumber (and judging by the approach used, they were probably a novice that did the work for “free,” which further speaks to the quality of his/her “specialized” labor). The previous plumber failed to implement standard plumbing best practices and they used sub-par materials to complete the job. Sure, the system the worked and cutting corners probably helped save a few bucks up front. Sadly, this approach ultimately stifled our improvement effort and set us back, both in time and money.

Connecting the Pipes between Plumbing and GRC
So far, I’ve used a GRC blog to tell a story that seemingly has nothing to do with concepts like risk management, control and due diligence. However, I suspect every GRC professional who reads this story can spot the similarities between my plumbing fiasco and their professional pursuits. GRC doesn’t make the company money. Yes, it contributes to the organization’s success in a qualitative way that’s difficult for a lot of folks to grasp, but it’s not adding to the top line.

Regardless of the size of your business, your business cannot survive without adhering to the core tenants of an effective GRC program – comply with laws and regulations, understand and manage risk, trust then validate, etc. As this program matures and grows, technology can be leveraged as an enabler of effective management and monitoring of this critical aspect of your organization.

When I worked on the software side of GRC, I often used a plumbing analogy to illustrate the systems that manage these essential processes and programs. I would assume that a large percentage of the folks who work in your organization think about software like they think of plumbing: when it’s working, they don’t give it a second thought. Yet, when something goes wrong there’s no amount of denial that can combat the anxiety that eventually rears its head. In these unfortunate cases, there are two reactions:

  • First reaction: “Fix it NOW”
  • Second reaction: “Why wasn’t it done right the first time?”

Don’t Let Your GRC Investment Go Down the Drain
There are varying levels and degrees of expertise that exist in both plumbing and GRC. Plumbing is a highly skilled trade with an established set of standards and training techniques as evidenced by its widely successful apprenticeship model. Those who know how to do it well do it very well, because they’ve worked and practiced and refined themselves for countless hours. Those who have not invested the same level of time and effort, but claim to understand plumbing, should probably stick to changing a washer in a faucet instead of designing intricate drainage systems.

What we realize from our GRC systems, processes and programs is only as good as the wisdom and experience used to put them together. Using an appropriate mix of experts (who can grasp your objectives and appreciate the nuances of your processes) and skilled apprentices (who can configure the rules and logic of the system) to perform and implement your processes is clearly a best practice. However, if we rely on solely on under-trained resources, shoddy materials and sub-standard practices as the backbone of our implementations, even though this has the illusion of being the “cost-effective” approach, we do nothing but set ourselves up for a painful and costly disaster further down the road.

There is a somewhat happy ending to my plumbing fable. It turns out that the cost of my home repair wasn’t as disastrous as it could have been (but it still did bite a bit), and I can handle hand-washing my dishes for a few more days (which takes a bit more time and effort). Money, time, effort…just think if it had been done right the first time!

–Jason Rohlf, OrangePoint

This entry was posted in GRC Consulting, GRC Technology Implementation and tagged . Bookmark the permalink.

4 Responses to You Get What You Pay For

  1. Must GRC always be a software solution? I should think that the principles (obey the rules, manage risk, verify compliance) could – and perhaps should – be the foundation for what we do. A culture if you will. I see these principles as a way of running the organization – with or without assistance from automation.

    Perhaps experts smarter than I have determined that humans CANNOT implement GRC principles without automation?

  2. Jason Rohlf says:

    Hi Dennis – great point – I’m certainly not saying that GRC can only succeed with a software solution. You correctly refer to principles, which should always be the driver regardless of the approach taken to “implement” them. That said, the reality is that many organizations, both small and large, are turning to some level of software, whether it be Word and Excel or multiple integrated platform solutions, to support their efforts and add efficiency. The main point is that regardless of the approach taken (software solution or not), it’s best to let those principles be your guide and consult with the right people before you embark on any sort of process implementation or improvement. Would you agree?

  3. Jennifer says:

    Great Analogy Jason! Often times, no news is good news for GRC. But, when something goes wrong, hopefuly it gets the right attention and an opportunity is provided to fix the root cause. GRC is the essence of interdependence, much like the appliances and plumbing. Keep blogging!

  4. Pingback: Continuous Improvement and GRC | OrangePoint GRC Blog

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s