Thinking Holistically, Growing Sustainably Let’s Talk About GRC…In Director’s Perspective
Thinking Holistically, Growing Sustainably
Let’s Talk About GRC…In Director’s Perspective
It is widely known that directors have crucial “oversight” roles to ensure the organization conducts business in accordance with its purpose, vision, mission, and strategy. Meanwhile, directors must also see that risk appetite are at acceptable levels and continuously explore opportunities for value creation or maximize stakeholders’ value. Such tasks are particularly challenging amid rapid changes in business environment and technology that businesses can hardly catch up. (Many failed to catch up and eventually went out of business).
However, the “ultimate goal” of directors in terms of oversight roles is not simply making the organization survive and sailing through particular difficulties but must also make it grow sustainably in the long run. A question that could emerge at this point is what does “sustainable growth” looks like?
The answer is...an organization must have goal / strategy / direction that “fully aware” of changing business environment and “understand” interests of all stakeholders, including customers, community, society, and environment (ESG), etc. When management puts the strategy into implementation, it is not unusual to face all kind of obstacles (commonly called “risk factors”) that prevent them from being achieved. This is why organization must have robust “control system” to mitigate such risks and, at the same time, “monitoring system” to ensure compliance with relevant rules, regulations, international practices and standard, which would help “prevent potential problems”.
Now, you probably start to “get the picture” that there are (at least) three key components to promote corporate sustainable growth including Governance (G), Risk Management (R), and Compliance (C). This concept has been further developed by the organization named “Open Compliance and Ethics Group (OCEG)” into modern corporate management “philosophy” known as GRC.
Many directors may not get excited much with this concept because the three mechanisms / systems must have (more or less) already been established in the organization. They may rather wonder “how is it difference from what already existed?”. The answer is that GRC concept does not emphasize on “existence” of the systems but on managing the systems toward comprehensive GRC integration.
This is considered “Pain Point” of many organizations. As business size grows over time, some departments are separated in order to gain full autonomous in managing their tasks. This pattern could slowly nurture “Silo” culture which consequently leads to overlapping work system / business process, inefficiency, inflexibility, and undue additional expenses that practically waste the organization’s valuable resources.
As a director, have you ever asked yourself: “How can you ensure full compliance (C) of the organization if you do not comprehend with corporate governance principles (G)?” and “How can you govern the organization and set appropriate business direction and strategy (G) if you are unable to identify key risks (R) your organization is facing?”. Since the GRC issues are interconnected and correlated with each other, it is “why” GRC integration within the organization is crucial and “must be implemented”.
GRC integration requires several key components. “Personnel” must have holistic view that see connection / impact of their output on other function / department. “Process” must be clear with concrete and well-matched control system. “Technology” could play a part in processing, presenting, and exchanging information to project “the same picture” throughout the organization.
If you, as a director, govern the organization and successfully establish “GRC integration”, the goal to generate “sustainable growth” would be within grasp.
We would like to take this opportunity to inform you and all directors that the Thai Institute of Directors has completed the “Guideline on Board’s Roles in Governance, Risk, and Compliance (GRC)” for the Board to use as guidance for GRC oversight and work with the management in assessing the organization’s mechanism / internal process whether they are in alignment with GRC integration framework. This is the first time ever that GRC is explained through director’s perspective. The guideline can be downloaded for free at https://forms.gle/Mf1Rv1vdfuzXMTy77
Apilarp Paopinyo
CG Supervisor – Research & Development
Thai Institute of Directors
|