by Frank Romeike, Managing Partner at RiskNET GmbH
An old proverb says that there is a lid for every pot. It was even the theme of a German song back in the 1960s, when people still lived in a very analog world. It was a time when digitalization was unfathomable except to the few scientists who were researching the fundamental concept. Offices had the appearance of being well organized – with pencils, sharpeners and typewriters.
Let’s emerge from this sunken business world and dive into the digital, networked one of today. The keyboard, mouse and laptop, once modern staples, are slowly becoming obsolete as well. Taking priority are the various software solutions that facilitate collaboration and are supposed to make processes “safer”, “leaner” and “more agile”. At least that is what most vendors promise. That sounds great, if it weren’t for the flood of software solutions, tools and applications.
That brings us back to where we started and the negative implications of it all. In today’s world, there isn’t a lid for every pot! Why, you may ask? Many old and new tools in an organization’s fleet of software are a burden. You have IT and information security here, quality management there, and solutions for compliance, risk management and internal control systems everywhere. That’s not even including the masses of spreadsheets and self-built tools. That’s fine as long as someone in the company is keeping tabs on everything. The probability, however, is next to zero.
A siege mentality is leading to siloed department solutions. With the loss of comprehensive information, companies are flying blind in the business world. The route is full of risks and, if in doubt, it is top management sitting in the ejection seat.
Risk management and decision-makers, however, need valid statements on the entire organizational structure. This allows them to take early actions and establish sustainable forms of enterprise management including organizational management. In this context, it is easy to understand the importance of integrated governance, risk and compliance management (GRC).
A continuous, integrated approach to GRC enables companies to optimally manage interactions among people, resources, processes and technologies. The name, however, is beside the point. Whether you call it integrated enterprise risk management or GRC, it is about integration and a system that goes beyond mere assurance to add value to enterprise and performance management. In other words, risk management that is built and integrated the right way provides a better way to manage uncertainties both within and outside the organization and the entire risk management process. Internal controls, compliance risk and governance topics, of course, are all included in such an integrated system.
So remember – not every pot needs a lid. The real question, however, is whether one large pot with a lid isn’t better than several tiny sets. This single pot is called sustainable, integrated management with the help of an integrated risk management and governance concept. As we already know from Aristotle, the most famous and influential philosopher and naturalist in history, the whole is greater than the sum of its parts!