Connecting Performance and GRC for Strategic Excellence


This is a precis of Tor Inge Vasshus’s presentation at the G[P]RC Summit 2024 held in UAE.

Emerging from the Landscape of Business Challenges

One of the growing concerns in today’s complex world of business challenges is the need for effective navigation. Remember the urban legend of the U.S.S. Lincoln, a US naval ship? Or the real-world examples of the Siemens scandal and BP’s Deepwater Horizon disaster? These serve as stark reminders that even large, reputable organizations can lose sight and falter in making crucial judgments. These cautionary tales emphasize the critical consequences of overlooking risks and compliance.

Organizations today face multifaceted challenges that range from increasing regulations and cybersecurity threats to looming risks of reputational damage. It is therefore important to take a two-fold approach: managing the risks and compliance (GRC) associated with these challenges, and driving performance and value creation around them.

The following tips form a successful recipe for connecting performance and GRC for strategic excellence in any challenging business environment.

1. Competence

The importance of cultivating a risk-aware culture within organizations cannot be overemphasized. Many large organizations are now considering everyone as a risk manager, thus ingraining competence in risk management at every level.

2. Govern-Manage-Assure, Lines of Responsibility

The three lines (governance, management, and assurance) are crucial for modern organizations. A clear structure built on these distinct lines is critical to effective risk management within an organization. Make sure that there is a separation of responsibility along the three lines.

3. Strategy Management

Crafting a well-defined strategy is a pivotal tool for success. Visualizing and articulating the strategic destination helps answer questions like: Where will the company be in five years? What does success look like?

The famous management guru Peter Drucker once said, “You can’t manage what you can’t measure.” More apt in today’s business landscape would be:

“You can’t manage what you can’t describe.” – Tor Inge Vasshus

We need to start with a strategic destination in mind. Describe the journey from the starting point A to the destination B, and emphasize how you should “win” through your strategic objectives. This is what sets you apart from the competition and can be seen as your recipe for success.

Try to visualize strategic objectives and link everything together: the initiatives, the KPIs, and the risks. When it is all in one view, one can see how everything connects in the organization. Executives can view the initiatives, audits, risk treatment, risk compliance measures, and organizational alignment, showing how the different units are contributing to the fulfilment of the overall strategy. The use of technology can further support aggregated risk views and place information at the fingertips of executive management. See more on this in the next tip.

4. The Role of Technology

Choosing the right technology is a daunting task for any business. A recommended approach to effective management is to initiate the digitalization process. Have you considered creating a digital twin or a model of the organization? For instance, there are technologies that support a digital twin of an organization using an enterprise risk model with an established strategy for fulfilling objectives. This involves connecting people, processes, and data, and defining performance metrics, objectives, vision, mission, and values. Using such a technology, the management team can monitor risks and ensure alignment with compliance measures for effective organizational governance.

Example: Strategic objectives and related KPIs view in Corporater Integrated GRC software

A typical organization can begin by defining performance, strategy, objectives, vision, mission, and values. There would be a separation of responsibility along the three lines. Using the right technology, objectives can be visually represented, be it from the financial perspective, customer perspective, stakeholder perspective, internal process perspective, or organizational capacity perspective. The organization can additionally visualize where it should be placed strategically for each objective in the future. Within such a view, there can be an added layer of organizational values, integrity, innovation, and excellence based on the people, competence, and organizational capacity to execute processes.

Use AI or not?

The other consideration about technology today is the use of AI. There is no doubt that organizations that embrace AI will, in the future, outperform those that do not. At Corporater, we have made an AI integration framework. One can plug in an AI of one's own or use Corporater’s AI. For example, use AI to find risk factors, controls, or threats, or to determine the right context. So, if the organization uses a digital twin technology within an enterprise risk management model, specifically in IT security, the user could ask the machine, “Can you help me identify some threats or some risk factors?”, or prompt AI to go through ISO 27001 to come up with proposals!

5. Use the GPRC Overview as a Compass

Finally, adopting a modern management framework gives an added benefit for business management in a dynamic landscape. The GPRC matrix, also known as the Governance, Performance, Risk, and Compliance matrix, is a framework used to assess and manage the key aspects of an organization’s operations. Adopted by top organizations worldwide, it provides a comprehensive compass to guide organizations through governance, performance, risk, and compliance initiatives to achieve strategic goals. GPRC is a perfect approach to ensure proper governance of business performance, risk, and compliance, while making sure the organization is always steering towards its strategic destination.

In Summary

Having a holistic picture is key to success in today’s challenging landscape of operations. There is a need for a strategic approach to address organizational challenges, with a focus on developing a risk-aware culture, clear separation of accountability and responsibility through the three lines, and crafting a well-defined strategy. Thus, by prioritizing competence, outlining accountability, crafting robust strategies, adopting the GPRC framework, and leveraging technology and AI, organizations can stay prepared for the unexpected and strive for strategic excellence in an ever-evolving business environment.