
    Navigating the Future of Governance, Risk, and Compliance (GRC)


    Whether you are a start-up or an international conglomerate, a Governance, Risk, and Compliance (GRC) program must be in place.

    All organizations must protect their customers and themselves from risks that negatively impact their financial, regulatory, and reputational exposure.

    While foundational GRC practices stemmed from compliance initiatives, the changing landscape demands more from across an organization.

    The complexities of continually evolving advanced technologies (including AI), regulatory requirements, and business practices require a top-down/bottom-up approach to collaboration and strategic decision making across businesses of any size.

    So how do you navigate a continuously changing landscape?

    Establish a proactive and visionary effort to guard against potential data breaches, security threats, and more.

    The resiliency and strength of a GRC program recognizes that things change!

    Navigating the GRC landscape is always about questions and how you answer them.

    The questions to ask to maintain a stance of readiness, with a plan for the immediate and longer-term future, are:

    • Who (which officers/leads) internally is tasked, or will be tasked, to address the issue?
    • What subject matter experts will be utilized?
    • Why (which initiatives, and for what reasons)?
    • How do we remedy the potential threat?
    • What is the plan to adjust the above points as needed?

    If business is good, your organization will grow and change.

    How is your growth impacting you? How are you managing your vendors? Could you use a little more consolidation in this space to limit regulatory and risk exposure?

    Where are you with your internal data and systems?

    Do you have 1, 2, or 3 GRC systems? Are practices still siloed? They shouldn’t be.

    Not every organization can manage with only 1 GRC platform.

    The size and complexity of your organization will dictate the demands of your GRC platform(s).

    After all, Vendor Risk is distinct from Vendor Management, just as IT Security is delineated from IT Risk (and its documentation).

    And if you have more than one GRC platform, have you aligned them to a taxonomy that results in meaningful metrics?

    How are your GRC platforms established in the infrastructure stack of your organization?

    Do you have a central repository to pull your relevant data to report accordingly?

    Fragmentation of information makes for miscommunication of a good intention.

    What’s your plan to align?

    And when you’re feeling good about having all the players and platforms in place working with intended initiatives, how open are you to external intelligence? Even the best of executives and staff could use an independent resource or two or three or more to keep you educated on the GRC landscape.

    Lastly, how committed is your most senior leadership to this GRC program? Is the message enterprise-wide? Does the Business/First Line of Defense know its responsibilities? Are they empowered with easier-to-use, intuitive technologies? Have you avoided duplicative efforts? Have you aligned them to your GRC activities in such a way that it is no longer a confusing mess to address quarterly or every now and then? Is the importance of business engagement messaged throughout enough?

    If you’ve checked boxes and answered positively to the bulk of the questions asked above, you’ve got a good start.

    You are just mandated to keep revising, readapting, and reinventing your GRC program.



    Joni Reyes
    Joni Y. Reyes is an accomplished Engagement Manager at MetLife Inc. in New York, NY, where she has excelled since 2015. Known for her strategic acumen and commitment to organizational excellence, Joni leads transformative initiatives in Governance, Risk, and Compliance (GRC), providing strategic consultancy and prioritizing opportunities for MetLife. As a key member of the EGRC Governance and Working Group committees, she influences strategic decision-making and manages complex technical projects from inception through implementation. Joni’s expertise includes vendor relations, solution analysis, planning, testing, training, and stakeholder management. She has led significant projects like the EGRC platform upgrade and Horizon Scanning APIs implementation, enhancing MetLife’s operational efficiency and risk management. As a member of MetLife’s AI Center of Excellence, she advises on data governance and internal risk language assistant development. Her leadership in the Financial Matters Processing and Reporting Project streamlined financial controls and processes, resulting in cost savings and operational efficiencies. Joni is recognized for her ability to build strong stakeholder relationships, driving consensus and achieving buy-in for critical projects, making her a trusted IT partner and strategic influencer within MetLife. https://leadafi.com/executive-biography/joni-y-reyes-engagement-manager-professional/