The initial inspiration of my “Groove Theory of GRC” was Rocco Prestia, the bass player for the funk band Tower of Power. His definition, or lack thereof, of the term groove started my thought process on how very important things can exist without exact scientific explanation. In my last blog, I talked about combining Musicality and Performance to create a special musical experience and how GRC should strive for this powerful combination through Visibility and Accountability to result in Performance Optimization. Now I want to explore the complexities of any musical endeavor. While solo performances can be captivating, a full orchestra performing in perfect concert together is one of the highest forms of human collaboration and expression. So on to postulate #2.
Postulate #2: The more pieces of the business involved, the more complex the challenge but the greater the value.
Across the spectrum of GRC activities, multiple pieces of the business need to pick up their instruments and build to the crescendo of a well-oiled organization. This may be a flowery way of putting it to fit my running analogy, so let’s get down to brass tacks: everybody needs to play nice in the sandbox. Not as dramatic, but that is the bottom line. Organizations that build walls, foster politically motivated cultures, enable kingdom building and all of the bad behavior we saw on the playground in kindergarten will struggle with making the right decisions and eventually face a serious business breakdown.
GRC is one of those avenues to break down the barriers between parts of the business. If an organization can rally around a significant regulatory compliance challenge (as many companies faced with Sarbanes-Oxley) or unite to respond to a major calamity (as organizations experienced during recent natural disasters), then the organization should be able to band together to operationalize risk and compliance processes. Domains of the business such as Information Technology, Finance, Audit, Legal, Compliance and others are necessary to build the right fabric across the organization. A common strategy, with defined objectives and executive buy-in, will go a long way.
Each domain, or department, will at times seek to build its own GRC approach. This is completely understandable, as each domain has its own drivers and needs. Information Technology may utilize GRC to improve IT service responsiveness, reduce security risks and maintain compliance with data protection standards. Finance may focus GRC on financial reporting processes, look to reduce capital, market or liquidity risk and maintain compliance with accounting practices. G, R and C mean different things to different operational elements. However, the organization can begin to bring those together into a more concerted, complementary approach through an enterprise strategy.
Back to my Groove theory: Most organizations will start with a string quartet or jazz trio or folk singing duo. The goal is then to bring more and more instruments into the ensemble until a full orchestra is making music together from the same song sheet. Obviously that singular score, if its parts are written with harmony and based on solid music theory, can enable the movements, countermelodies and dynamics that make for a beautiful symphony. It is at this point where the organization transitions from singular players into a larger, more complex performance. The result: Opus # 9 in GRC sharp.
* I had to include a link to this video showing "Tower of Power" from 1973 – 2011. A band as tight and funky as can get even after 38 years of creating music. Now that is the type of sustainable collaboration we all hope we could foster in our organizations.