One of the most common questions I get from people trying to design and implement an integrated GRC capability, is “where do I start” or “how do I develop my GRC road map.”
As Dr. Seuss famously said, “Sometimes the questions are complicated and the answers are simple.” This is true when it comes to GRC.
Developing a GRC road map seems like a simple concept. We are at point A and we want to get to point B, but just like many things that seem so easy, the answer “depends” on how you want to get there.
There is not a one-size-fits-all approach when it comes to GRC. Principled Performance, the reason we take a GRC approach to business, is about doing the “right” things, in the “right” ways to help your organization achieve its objectives. Since every organization has different objectives, and different strategies for achieving its objectives.
“All roads lead to Rome” is an old saying that comes to mind in this situation, so let’s use it to explain this concept.
If you are in Berlin and want to get to Rome, there are several ways you can get there. Perhaps you have always wanted to visit Paris, so you plan a road map that takes you from Berlin to Paris and then on to Rome. That is perfectly acceptable if it aligns with your objectives.
Another organization may choose to go directly from Berlin to Rome. That’s OK too, as long as it aligns with their objectives.
How does this all relate to developing a GRC road map for your organization? It means ensuring the necessary components and elements are in place at your organization to design and implement an integrated GRC capability that aligns with your objectives, strategies, and context within which your organization operates.
So how do you get started? First you need to know where you want to go (have your destination in mind). Next, you have to learn about the necessary components and elements that must be in place to help you get there (map or tools to help you get there).
At this point, some people try to “re-create the wheel” and are much like a person who refuses to ask for directions saying, “Don’t worry I will get there eventually.” But there is really no need to go through that frustration. Others have been down the road before and can help. OCEG, the organization that invented GRC, developed the GRC Capability Model to help.
You still need to learn how to design and implement an integrated GRC capability using the OCEG model. Think of it like a map or a checklist that provides you with help on your journey. Just like you need a map for your journey to Rome, but without understanding how to read the map, your “tool” is not very effective and will not get you there.
OCEG provides training programs to help you understand GRC and you even start developing your GRC roadmap as part of the course. Before you leave the training, with the help of your “expert travel agent” delivering the training, you will learn how to read the map, start planning your perfect GRC vacation, and acquire the language of GRC … regardless of how you would like to get to Rome.
If you are ready to ask for directions in your GRC journey, now is the time to get the help you deserve to make your life easier.
There are lots of people trying to sell their own map or tool to “help,” causing confusion in the marketplace about GRC. I recently talked with a company that was prepared to spend between $500,000 – $1 million after listening to proposals from companies trying to convince them their map and tool they sell was what they needed to “have” GRC.
Before investing in a GRC “dream vacation package” make sure you know where you want to go, know how to read the map, and have a strategy for how you want to get there. Once you do that, it will be very apparent to tools you need to help you arrive at your destination.
Remember, everything looks like a nail to the salesperson trying to sell you a hammer. Just make sure it’s really a hammer you need.
GRC is a long journey with no quick fixes. But, while you are on your journey you might as well enjoy the sites.