How will risk management change as we emerge from this crisis?


People, especially consultants, are not only telling us how to address the pandemic but also what we should look for when it’s all over.

In his latest post, my good friend Michael Rasmussen makes some good points. He is always worth listening to and today is no exception.

Keep Calm & GRC On! reminds us, first, what GRC is all about. I like the OCEG definition that he quotes as it makes sense.

GRC is “a capability to reliably achieve objectives [GOVERNANCE] while addressing uncertainty [RISK MANAGEMENT] and act with integrity [COMPLIANCE].”

He spells out his vision, what he sees in his crystal ball, of what risk management (in particular, although he also touches on contingency planning and policy management) will look like once we are done with COVID-19.

But I have a different perspective.

It’s a tough line, but we need to face reality.

Even before the crisis, few on boards or in executive management believed their risk management programs were helping them run the organization for success. At best, those programs helped anticipate and avoid failure – which is hardly the same as achieving success. At worst, they were a cost center that helped comply with regulations.

These same leaders should now be asking whether the risk management program they had in place prepared them for the crisis – and whether it is…
