When starting out on the Compliance Management journey, understanding the alphabet soup of acronyms can be confusing. Here we try to explain the terms, what needs to be done, and need for compliance management software in the process.
ERM by itself does not deliver outcomes. Only when combined with strategic planning and compliance assurance can you expect to see tangible benefits.
GRC, Governance, Risk and Compliance simply put, is the holistic approach to ensuring a business achieves its business goals. So what’s the difference to ERM, ISO 31000, or COSO?
They all are just the Risk Management component of GRC. Let’s look each component in turn.
Governance, is about identifying your reason for being, where you want to go, and managing that journey. After setting out your vision and mission statements you develop policies, procedures, and strategic plans to meeting those goals. Using compliance management software to develop and manage these saves on your most expensive resource, senior management time. In addition to your internal corporate Objectives, easily monitored on GRC software dashboards, there are also a raft of regulatory Obligations to be met. GRC software will assist with proper due diligence by diary tracking who and when they are to be done, sending out reminders and escalating overdue tasks.
So, if goals identified, processes mapped and progress monitored, what can go wrong? Sadly that 4 letter word Life Happens!
Risk is defined as the uncertainty in achieving your corporate objectives. Risk Management is not about predicting the future but preparing for possible problems. ERM, Enterprise Risk Management, is about a corporate wide assessment of hazards and threats, guidelines for which have been set out in the international standard ISO 31000 and the US COSO ERM frameworks. FastTrack.net complies with the ISO 31000 framework. Once you have identified and assessed the likelihood and impact of possible hazards and threats to your objectives, you put Controls into place to mitigate the risk, but unless actively monitored it is just an exercise in futility. This is where compliance management software is essential and why most ERM projects based on Excel spreadsheets fail to prove useful.
Compliance is ensuring your operations fulfil their intended goal. It starts with making sure things are done when and how they as supposed to, but also to ensure efficiency, productivity, and confidence in pursuing your goals. So risk looks at what could happen while compliance looks at what is happening. I’ve written many times on using the myriad of standards and regulatory frameworks as a roadmap to ensure a systematic approach to optimising performance (see PDCA is NOT Best Practice). Whether ISO 9001 for Quality Management, ISO 55000 for Asset Management, or ISO 17025 for laboratories, they all cover the common criteria of document control, audit management, regulatory traceability, and incident management. It’s just a matter choosing what’s right for you. Using compliance management software not only saves time and money over man-drolic methods of ensuring compliance, but also provides the ability to analyse performance and weaknesses to implement continuous improvement.
The difference between GRC vs ERM
With today's over-emphasis on ERM due to regulatory mandating, sight has been lost of getting your strategic goals right and monitoring performance to those goals. So, GRC is about the development, targeting and monitoring performance of your corporate objectives & goals, while ERM is identifying and managing potential threats to achieving your objectives. No matter how good your ERM system is (and most aren't), it will only support you in achieving your goals. Make sure you get them right first.
Finally, is compliance management software really necessary to start?
No. Like most good things in life, it takes effort and motivating to achieve results. Good outcomes don’t just happen. The hardest, but most important thing is to get started. If that means starting with spreadsheets, to build registers of objectives, obligations, risks, and compliance activities, do it. FastTrack can import your existing data directly from spreadsheets, so your effort won’t be wasted. In today’s volatile and disrupted business environment, GRC is your fitness program and compliance management software is the gym membership. Just don’t be a couch potato.
|Free Excerpt: Mastering 21st Century Enterprise Risk Management
Guide to selecting & implementing Enterprise Risk Management
|FastTrack Demo Videos
See a quick 4min recorded demo on the FastTrack "neural network" delivering visibility and accountability accross an Enterprise.
|Strategic Management Data Sheet
How Fast Track integrates Strategic Planning, ERM, Organisational Resilience, KPI monitoring, and Excel Pivot Tables empower staff.