Unpacking the “G” in GRC

By Hayden Green, Head of Sustainability, IsoMetrix

Good governance is the product of strong risk and compliance management. So setting them out to have a relationship of equivalence is misleading. GRC therefore is something of a tautology: governance comprises risk and compliance; it does not complement them.


Governance is not management either. Rather, it sets the space for management. It defines the behaviour of an organisation. Or, put differently, governance refers to the structures, processes, rules and entrenched values through which decision-making power that determines actions is exercised.


Governance can be seen as a container that holds, and serves as a boundary to, its contents – the company’s strategy. There is a growing emphasis on governance. It was determined in King II that the board should be responsible for governance of risk – setting the appetite and tolerance within which decisions around risk can be taken.


In any organisation, accountability moves upward and responsibility moves downward. Getting them aligned is good governance. A key factor in successfully effecting strategy is the inculcation of a culture that encourages employees to behave in a way that is synchronous with what is deemed permissible.


With this in mind, performance management can never be neglected as a discipline within GRC. Traditionally, there is a strong focus on areas that have direct risk and compliance impacts, such as Health, Safety and Environmental management, or Enterprise Risk management. However, there is often poor visibility over how closely aligned employees’ behaviour is to the company’s codes of governance. Ideally, this should be measured and reviewed through Key Performance Indicators that are based on the company’s defined value system.


Broadly speaking, GRC is a set of disciplines that are essential for a business to run in a sustainable way. Sir Adrian Cadbury’s definition of corporate governance goes to the heart of this: “Corporate governance is concerned with holding the balance between economic and social goals and between individuals and communal goals.


“The corporate governance framework is there to encourage the efficient use of resources and equally to require accountability for the stewardship of those resources. The aim is to align as nearly as possible the interests of individuals, corporations and society.”


Increasingly, we are seeing usage of the term ESG (Environmental, Social and Governance), as the need to balance the way a business behaves with the impact on society and the environment around it becomes more important. Also more prevalent these days is eGRC, a term which echoes ERP in referring to an integrated solution across an enterprise, as the need for efficiency and real-time reporting drives companies to replace a myriad of point systems with an integrated solution.


But what these systems are called is not all that important. What is important is how we can use the thinking and processes inherent in these disciplines to ensure businesses run in a more sustainable manner.