It is inevitable for governance, risk and compliance (GRC) to converge. They are all about achieving the objectives of the organisation. For me, the greater debate is what role should an individual take as a leader in the convergence of the GRC space in an organisation?
It was no surprise that the International Federation of Accountants (IFAC) Survey , which assesses the need to align risk management and internal control guidelines internationally, found the need for an alignment is strong and that "both elements are integral parts of an effective governance framework".
IFAC goes on to call for international collaboration of standard-setting bodies, professional associations and relevant regulators to achieve this goal. A long road, but we will all be better off if we have one set of guidelines to compare ourselves to.
In thinking about all the stakeholders involved from governance, risk and compliance specialists, to accountants, career auditors, lawyers, actuaries and chartered secretaries it made me ask the question, who should or will own this space in another ten years?
What I do know is that the GRC space is multi-disciplinary. It requires someone with an MBA on steroids to be across it all. Hence I can see a need for specialists. That means no one profession will own the space. I can see the space remaining much as it is now with the GRC leader in an organisation coming from any one of a range of management or professional disciplines with a personal bent towards their professional background.
The takeout for a leader in the GRC space is:
1. Manage your own personal bent and ensure you give all aspects of the challenge adequate weighting. Where you have a weakness you will need to supplement with skills from one of the specialist disciplines.
2. Resist segregation of governance, risk and compliance. They are integral parts.
3. Insist on segregation of GRC from audit. The role of audit is to provide confidence that the GRC arrangements are appropriate and effective.