Large enterprises, listed entities, leading mid-market companies and some Not for Profit organisations have realised the benefits of proactively managing enterprise risk and embedding compliance obligations into standard operations. Unfortunately, a large percentage of mid-market companies and Not for Profit organisations invest little in risk and compliance strategies, thereby limiting their effectiveness and failing to achieve good corporate governance.
Good corporate governance is impossible to achieve without an organisation-wide, proactive approach to managing risk and compliance. Risk and compliance strategies must be taken out of the administrative bowels of organisations and placed front and centre in corporate processes, embedded in learning management strategies and supported by appropriate technology that makes it simple for all staff to do the right thing.
In a 2016 poll of mid-size businesses and NFPs conducted by Grant Thornton Australia, only 16% of respondents flagged their risk and compliance culture as PROACTIVE. Nearly half of the respondents (48%) reported some elements of proactivity, while 36% stated that their culture either needs work, has not been assessed or is unknown.
These statistics confirm what we are seeing in the market: there is a long way to go to uplift governance standards for mid-size businesses and Not for Profit organisations.
Why implement risk and compliance?
Organisations that have implemented risk and compliance strategies which are proactively managed by all staff have realised both hard and soft benefits. These include:
High quality standards and operational standards, leading to better products and services, customer satisfaction, brand uplift and employee satisfaction
Lower overall incidents, timely incident management and a culture of proactive incident avoidance and prevention
Higher levels of operational transparency and operational cohesiveness through advertised, understood and practiced processes, policies and procedures
Risk impact minimisation through vigilant risk identification, prediction and proactive management
Productivity benefits of all staff across the organisation
Informed decision making aligned with the business’ strategic objectives and risk appetite.
While Risk and Compliance processes are important – education is key.
A key success factor, reported by all organisations who implemented risk and compliance well, is a focus on education. Education is not just about training! Training is important, in that staff need to understand how to use the various systems; however, education covers a lot more. It informs people about the background and the reasons for what is being done and why it needs to be done – training just deals with the how.
It is also important to recognise that people learn over time. Most people absorb a small percentage of the content presented to them in a single training session. Therefore, if you conduct multiple sessions with incremental messaging, some repetition and confirmation of knowledge, you will achieve a greater level of understanding and thereby a more in-tune workforce.
The ultimate formula for success is to embed education in an overall organisational change management plan.
Technology is important
While processes and education are key, poor technology can undermine good processes and a genuine desire by staff to do the right thing. If the technology is difficult to use, busy people will simply not use it.
Technology to support and enable proactive risk and compliance activities needs to be:
Accessible, which means it must be tablet/mobile enabled
Simple and easy to use, because all staff of all abilities need to use the system
Insightful, by prompting people to do things, reminding when activities are due and escalating items that are overdue
Collaborative, where all staff update the same system, with workflow for approvals and escalations, and jointly contribute to specific mitigations or obligations
Embedded, in current applications where possible. The more applications that you throw at your users the less they will use them all effectively. The aim here is to consolidate your application footprint and integrate all components
Reporting, risk postures and compliance statements with the click of a button
An example of good technology is risk and compliance within the CRM application used by Aboriginal Health Council of South Australia.
While spreadsheets and documents are a great way to prototype your technology needs, they rarely make good ongoing applications because they are simply too hard to use, are not accessible, suffer from version control mismatches, are not multi-user and are largely managed by a small group of people on behalf of everyone else.
In summary, we believe that managing risk and compliance is important to business success, longevity and accountability. To achieve these outcomes, organisations need to define appropriate processes, engage and educate staff and then enable the right technology.