Why the ‘G’ in ‘GRC’ is essential

Published: 11 July 2018

 

“Innovation in the technology arena has brought us to the point where governance, risk and compliance now get a single acronym – GRC – and command equal importance in the minds of every CEO and CIO. But GRC is not only about data: Without effective corporate governance, neither risk management nor compliance with various legal requirements will mean much at all.”

This is the word from Stuart Pearce, managing director of TD Global, who is based in the firm’s Singapore office. “So, when we look at governance, we should talk data, certainly – but we need also highlight governance in the broader business sense.”

Pearce points out that sophisticated software is already available to assist organisations to anticipate potential data incidents and implement more robust controls while providing analytics that can guide data governance strategy. “However,” he asserts, “In light of issues we have seen across the globe in the past year or so, corporate governance must form the basis of data governance for truly effective management of the new opportunities that digitalisation affords companies.”

Without top-down responsibility for the implementation of any new systems, there can be no effective compliance with regulation and risk reduction. “Ethics within the corporate governance and data teams are being closely scrutinised now – by global governing bodies and just about anyone with internet access.

“Knowing that ethical management practises are top-of-mind with business leaders around the world, many are looking to do business only with other organisations whose reputations are impeccable.”

 

Ethics at the speed of social media

Pearce believes we have reached a point in the business landscape where clients will distance themselves from companies whose practises appear to be questionable, even without much solid proof of any wrongdoing. “With social media being the speediest route between two points, when data breaches, questionable ethics and even personal issues within management crop up, it takes just minutes for the news to circle the planet.”

Organisations are paying more attention now and need to know that their own reputation is not tarnished by their business partners of choice. “Just like data governance, robust corporate governance is no longer just a box to tick, or a handshake deal. The years it takes to build a reputation that would make you a first-choice supplier could be gone in a few minutes on Twitter,” he says. “Of course, this is unfair and, in many cases, not always legal – but human beings will always believe there is fire when they smell smoke.”

TD Global suggests that choosing the right partner for the digital journey is as important as choosing a finance partner, an insurance company and all the other partnerships companies form and change as they grow.

“Our solution lies in encouraging our clients to ‘govern the governors’,” says Pearce. “Should there be a cyber attack or a data breach, the media isn’t going to look for answers only from your data teams. The buck will stop with the C-suite, which should have the answers at hand.”

First, he says, choose a reliable partner who can help you determine what it is you want from your data in the present and in future. “Once you have a contract you can trust, ensure that each step of your data blueprint falls in line with your corporate governance approach. This not only reduces risk digitally, but reputationally too, knowing that your key staff members are ensuring compliance across the board.”