Operational GRC: Naming a dangerous, many headed beast

  • Operational GRC is often overlooked but it is just as important as financial GRC and potentially carries more risk.
  • Operational GRC is accountable to a wide range of local and national regulators, making compliance complicated and challenging.
  • There is no standardised position or team within an organisation to oversee operational GRC and take ownership of operational compliance.

Many headed beast

Board members, directors, managers and persons conducting a business or undertaking (PCBUs) are all coming under increasing threat of legal action from non-financial legislation covering areas such as: corporate manslaughter, chain of responsibility (CoR), workplace health and safety (WHS) and so on. These non-financial events have the potential to attract legal action and cause severe brand damage, so why is so little attention being paid to them? The purpose of this article is to raise awareness of non-financial risks by coining the term ‘operational [governance, risk and compliance] GRC’ (OpGRC) to elevate it to the same level of awareness and attention as financial GRC.

Too long, didn’t read

Financial GRC is easy; it’s well understood. There are only a handful of regulations and regulators and they are all national. Tertiary qualifications are well recognised, and accountants and bookkeepers are readily-available. It’s so well organised and understood that every size of business uses a single financial software package and there is always a single person or department dedicated to finance.

OpGRC is completely different. There are thousands of standards and multiple regulators across all levels of government. OpGRC does not have the same level of academic maturity as FinGRC. There is no homogenous OpGRC tertiary qualification and no homogenous group of skilled, trained OpGRC professionals. There definitely isn’t a single piece of software and no single position or department that encompasses the entirety of OpGRC.

This article is exclusive to Governance Institute members and subscribers.

To read the full article…

or Become a member