Board members, directors, managers and persons conducting a business or undertaking (PCBUs) are all coming under increasing threat of legal action from non-financial legislation covering areas such as corporate manslaughter, chain of responsibility (CoR) and workplace health and safety (WHS). These non-financial events have the potential to attract legal action and cause severe brand damage, so why is so little attention being paid to them? The purpose of this article is to raise awareness of non-financial risks by coining the term ‘operational GRC’ (OpGRC), where GRC stands for governance, risk and compliance, to elevate it to the same level of awareness and attention as financial GRC.
Too long, didn’t read
Financial GRC (FinGRC) is easy; it’s well understood. There are only a handful of regulations and regulators, and they are all national. Tertiary qualifications are well recognised, and accountants and bookkeepers are readily available. It’s so well organised and understood that every size of business uses a single financial software package, and there is always a single person or department dedicated to finance.
OpGRC is completely different. There are thousands of standards and multiple regulators across all levels of government. OpGRC does not have the same level of academic maturity as FinGRC. There is no homogeneous OpGRC tertiary qualification and no homogeneous group of skilled, trained OpGRC professionals. There is certainly no single piece of software, and no single position or department, that encompasses the entirety of OpGRC.