#171 – WHAT IS GRC AND WHY USE COMPLIANCE MANAGEMENT SOFTWARE – GREG CARROLL

team-carroll-150x150When starting out on the Compliance Management journey, understanding the alphabet soup of acronyms can be confusing.  Here we try to explain the terms, what needs to be done, and need for compliance management software in the process.

Governance

Governance, is about identifying your reason for being, where you want to go, and managing that journey.  After setting out your vision and mission statements you develop policies, procedures, and strategic plans to meeting those goals.  Using compliance management software to develop and manage these saves on your most expensive resource, senior management time.  In addition to your internal corporate Objectives, easily monitored on GRC software dashboards, there are also a raft of regulatory Obligations to be met.  GRC software will assist with proper due diligence by diary tracking who and when they are to be done, sending out reminders and escalating overdue tasks.

So, if goals identified, processes mapped and progress monitored, what can go wrong? Sadly that 4 letter word Life Happens!

Risk

Risk is defined as the uncertainty in achieving your corporate objectives.  Risk Management is not about predicting the future but preparing for possible problems. ERM, Enterprise Risk Management, is about a corporate wide assessment of hazards and threats, guidelines for which have been set out in the international standard ISO 31000 and the US COSO ERM frameworks.  FastTrack.net complies with the ISO 31000 framework.  Once you have identified and assessed the likelihood and impact of possible hazards and threats to your objectives, you put Controls into place to mitigate the risk, but unless actively monitored it is just an exercise in futility. This is where compliance management software is essential and why most ERM projects based on Excel spreadsheets fail to prove useful.

Compliance

Compliance is ensuring your operations fulfil their intended goal.  It starts with making sure things are done when and how they as supposed to, but also to ensure efficiency, productivity, and confidence in pursuing your goals. So risk looks at what could happen while compliance looks at what is happening. I’ve written many times on using the myriad of standards and regulatory frameworks as a roadmap to ensure a systematic approach to optimising performance (see PDCA is NOT Best Practice). Whether ISO 9001 for Quality Management, ISO 55000 for Asset Management, or ISO 17025 for laboratories, they all cover the common criteria of document control, audit management, regulatory traceability, and incident management.  It’s just a matter choosing what’s right for you. Using compliance management software not only saves time and money over man-drolic methods of ensuring compliance, but also provides the ability to analyse performance and weaknesses to implement continuous improvement.

The difference between GRC vs ERM

With today’s over-emphasis on ERM due to regulatory mandating, sight has been lost of getting your strategic goals right and monitoring performance to those goals. So, GRC is about the development, targeting and monitoring performance of your corporate objectives & goals, while ERM is identifying and managing potential threats to achieving your objectives. No matter how good your ERM system is (and most aren’t), it will only support you in achieving your goals. Make sure you get them right first.

Finally, is compliance management software really necessary to start?

No. Like most good things in life, it takes effort and motivating to achieve results.  Good outcomes don’t just happen.  The hardest, but most important thing is to get started.  If that means starting with spreadsheets, to build registers of objectives, obligations, risks, and compliance activities, do it.  FastTrack can import your existing data directly from spreadsheets, so your effort won’t be wasted.  In today’s volatile and disrupted business environment, GRC is your fitness program and compliance management software is the gym membership. Just don’t be a couch potato.

Bio:

Greg Carroll 
- Founder & Technical Director, Fast Track Australia Pty Ltd.  Greg Carroll has 30 years’ experience addressing risk management systems in life-and-death environments like the Australian Department of Defence and the Victorian Infectious Diseases Laboratories among others. He has also worked for decades with top tier multinationals like Motorola, Fosters and Serco.

In 1981 he founded Fast Track (www.fasttrack365.com) which specialises in regulatory compliance and enterprise risk management for medium and large organisations. The company deploys enterprise-wide solutions for Quality, Risk, Environmental, OHS, Supplier, and Innovation Management.

Mastering 21st Century Risk Management” which will be available from the www.fasttrack365.com website in a couple of weeks.   Meanwhile a recent Webinar on the topic can be seen at http://www.youtube.com/watch?v=nQoJj6FBxrY&feature=youtu.be in which we show how emerging best practices provide a good picture for how enterprise risk management should look in the 21st century.

Leave a Reply

Your email address will not be published. Required fields are marked *