Using governance, risk and compliance to improve business performance

Governance, risk and compliance are vital to every successful business, but our expert says companies often don’t take advantage of GRC’s critical influence on performance.

Any properly run business is no stranger to governance, risk and compliance -- but are companies missing out on some of its important benefits? One expert says “yes” -- and that when governance, risk and compliance initiatives are properly focused they can actually improve business performance.

Brian Barnier, a frequent contributor to and an Open Compliance and Ethics Group (OCEG) fellow, says reducing risk to business objectives makes it easier to seize opportunities in the difficult economic environment. Orchestrating governance, risk and compliance with activities such as finance, legal, quality and process improvement helps achieve business performance objectives, he added.

“This is why OCEG’s focus is on principled performance, where principles are the standards of conduct that an organization puts in place to shape its pursuit of those objectives,” Barnier said. “Those standards can range from discipline in sales forecasting to reducing waste in the manufacturing process to save cost and be environmentally friendly.”

Barnier outlined how companies can achieve this balance during his keynote speech at the MIS Training Institute’s Governance, Risk and Compliance 2011 conference earlier this month in New York. His keynote, “Harnessing the Breadth and Depth of GRC to Improve Business Performance,” provided advice on how companies can change their perspective to achieve the balance and save money in the process.

To meet this goal, organizations need to avoid common complications that are often created by “internal blind spots” that end up being time wasters and money burners, Barnier said. He said there are two big buckets of blind spots, the first being an environment or capabilities that harm the ability to achieve business objectives.

“These can range from natural disasters to competitors, to internal business capabilities gaps,” Barnier said. “This is just like players on a football field and how rain, snow, stronger capabilities of the other team and the home team’s own physical condition come together to shape wins and losses.”

The second “bucket of blind spots” is in creating the GRC initiative. As in any type of initiative -- whether it is a new product, expansion or marketing campaign -- enterprises routinely fail to meet expectations when they smugly overreach their capabilities, Barnier said.

“In driving toward principled performance, errors can be grouped into three areas: Scope errors that miss the big risks to the enterprise, selecting the wrong tools/methods for the job, and people skill gaps,” Barnier said. “Of course, people skill gaps are the worst because they can also influence the other two areas of errors.”

As a result, boards and senior executives must evaluate any initiative closely to be aware of these gaps. If skill or knowledge gaps remain, they must be closed to avoid wasting time and effort, Barnier said.

By establishing a clear focus on performance, organizations can select the proper tools to meet objectives, design more efficient risk management processes and improve business outcomes against strategy, he added. To overcome any challenges and complications and thus speed business improvement, Barnier said organizations must maintain a “been there, done that” perspective.

“Ensure that a sense of humility is always part of the initiative team -- learn from what has damaged other initiatives in your enterprise and what has damaged GRC-principled performance initiatives in other enterprises,” Barnier said.

He added that adhering to governance, risk and compliance rules should not hinder an organization's business processes, as long as the focus remains on driving principled performance. By really getting to know the business, objectives come into focus and allow risk management processes to help achieve these directives.

However, Barnier said that as he talks with a range of organizations, he routinely sees governance, risk and other business initiatives all turn into “paperwork monsters and boat anchors” for the business.

“This should not be,” Barnier said. “This is why I evaluate governance against the criteria of being informed, transparent, accountable and agile. Being agile is especially crucial, as failure there can eventually defeat success in the other three criteria.”

To properly implement governance, risk and compliance into business processes so that both GRC and the bottom line benefit, Barnier said it’s important to start with business-improving performance objectives. Then, organizations can set the scope for success both in terms of the external business and the internal organization.

Barnier recommended piloting with a business leader who needs to build capabilities to better achieve performance in terms of new products, jurisdictions, customers or acquisition -- and is in need of a more efficient and effective way to get there.

“The orchestration methods provide a way to save time and cost that can bring immediate benefit,” Barnier said.

Let us know what you think about the story; email Ben Cole, Associate Editor.
