Why your CEO needs GRC
GRC is a critical ENABLER of YOUR CEO’s priorities.
At Brave, we believe Governance leaders should take note of the latest analysis of what matters most to CEOs*. Six priorities were identified, closely resonating with our roles. When did you last take some time to align your agendas?
“Resilience is emerging as a vital ‘muscle’ for companies operating in a world of endless volatility” says the study. The approach to resilience is changing fast and there is less tolerance for organisations who can’t withstand the unexpected. Organisations need to move away from epic continuity plans dedicated to individual risk events towards a mindset and skillset that creates organisational agility. A mindset where operational teams have the confidence and courage to change tack in the face of changing events. Teams who know which decisions need to be made quickly and those which need time, using delegations of authority to empower, not constrain, decision-making. A skillset that can build a clear perspective, top-down, on the critical parts of the business, the critical services and the people, technology, data and equipment that deliver them.
If you haven’t already done so, now is the time to rethink your approach to resilience.
2 & 3: Taking Courage and Hatching New Businesses
“The best leaders and companies are ambidextrous: prudent about managing the downside while courageously pursuing the upside”. Most organisations are all over the downside, but how do you give your CEO courage to pursue the opportunities that emerge from volatility? The answer lies at the heart of what governance functions are meant to deliver. Dynamic, data-driven risk information about new markets and products; legal and regulatory analysis to avoid unexpected surprises and maintain a licence to operate; risk-based controls and assurance that allow the organisation to take brave new steps with confidence. But to do this, these teams need to be freed up from admin to be at the heart of these new initiatives. Don’t wait to be asked – be clear in your own mind about the value you add and engaged enough with the business to be called upon when opportunity strikes.
Beyond the drive for digital transformation, software is at the heart of the businesses of the future. Yet the reporting of progress on technology initiatives is often subject to an unhealthy dose of optimism bias. Report cards that flash green until the moment the benefits (or lack of them) are realised. Risk and assurance functions have a key role to play in helping the CEO to understand whether change is truly being delivered; and to tackle the risks that need to be overcome to make new tech a reality.
At the same time, the adoption of GRC technology has been relatively slow. Lack of properly joined-up offerings from vendors combined with legacy systems and the need to align multiple internal functions are constraining progress. Yet more than ever, CEOs need their governance teams to be insightful and agile, freed from their report-writing desks and bring their unique perspectives to bear on the challenges set out in this paper.
5. Net Zero
Despite the headwinds and the headlines (Covid, inflation, energy security, war in Europe, potential global recession), and the lack of agreement at COP27, the goals of carbon reduction have not gone away. In making bold statements to investors, customers, employees, regulators and others, CEOs need to comply with their obligations while avoiding greenwashing. All governance functions have a role to play. Legal and regulatory teams can help CEOs to navigate the raft of new regulation in this area. Risk teams can help to prioritise the issues that matter. Controls, assurance and audit teams can turn their financial assurance skills to non-financial data.
6. Rebuilding the Employee Experience
This is about more than just sorting out post-Covid, hybrid working arrangements. Organisations need to re-engage a disconnected workforce with their purpose to address attrition and attraction risks that appear to be stuck stubbornly on the top right of many a risk heatmap.
Governance teams can help. Risk teams need to be working hand in hand with people leaders to interpret what employee experience surveys are saying and to identify emerging risks (not just the known ones). Audit and assurance functions are, albeit tentatively, now starting to get a handle on assessing organisational culture. Legal teams have a key role to play in effecting the changes need to an organisation’s real estate portfolio.
BRAVE helps you get aligned with your CEO’s agenda:
- Reviewing operational resilience.
- Risk identification and analysis for new ventures
- Legal and regulatory compliance reviews
- Transformation programme assurance
- BeBraver programmes to develop your courage and personal resilience
- Optimising assurance over non-final data
- People-risk reviews
*This article was inspired by McKinsey & Company’s November 2022 publication “What matters most. Six priorities for CEOs in turbulent times.”