Effective GRC practitioners perform a balancing act
The role of the GRC practitioner has changed for many reasons. This is according to Malesela Mokonyane, head of compliance at Real People Assurance Company.
"The risk profiles of organisations have changed and GRC has had to realign and follow along. The introduction of new risks and more involved regulators have forced boards and respective management layers to play a more involved role. The expectations and reliance on the assurance functions (compliance, risk, governance and audit) have subsequently and naturally been challenged to follow suit," explained Mokonyane.
The rapid changes in regulations have also affected the role of the GRC practitioner. "Changes and amendments to regulations have forced the GRC function to think differently. The renewed regulatory philosophy of 'risk-based approach' has changed the approach to regulatory risk as we knew it," he elaborates.
"Of course this affects the spend on GRC. The heads of GRC are forced to also demand and justify their share in the bottom line due to the high project costs associated with the function," adds Mokonyane.
According to Mokonyane, the digital age impacts on GRC practitioners and the role they play. "The new age introduces a new thinking and challenges. We must remember that there is a balancing act for the GRC practitioner to both the regulator and then on the other end the business. We can create templates and systems, but a machine will never understand the spirit of the legislation," he expands.
"In my mind digitalisation should be seen as an enhancer to the role of the practitioners. We should embrace change and use it to enhance our skills and make our lives easier. Our ability as GRC practitioners to adapt to change and just how fast we do it, will either alienate us from the business or bring us even closer, as partners in the future," says Mokonyane.
"The biggest threat is when GRC practitioners isolate themselves and define themselves outside of business challenges. As GRC practitioners, while we safeguard and protect the names of our organisations, their integrity and lead the fights to avoid financial losses, we must still consider the customer and broader business objectives. The consumer is more enabled, resourceful and aware of their rights. They are asking more questions and demanding better and quality services and/or products. The business is looking up to the GRC practitioner to assist in navigating these unknowns and drive the vision, as a partner they can rely on to manage risk, but equally critical enough to stand their ground when things go wrong," concludes Mokonyane.
Mokonyane is one of the experts taking to the podium at the ITWeb Governance, Risk and Compliance event at The Forum next week. Other speakers include Tichaona Zororo, a member of ISACA Board of Directors, president of ISACA South Africa Chapter, and an IT advisory executive with EGIT: Enterprise Governance of IT; Johannes Weapond, a full-time member of the Information Regulator for the POPI Act; Max Blecher, the chairperson of South African National Standards Body mirror committee on IT Service Management and IT Governance and MD, Virtual Alliance; Candice Holland, director: Risk Advisory Africa, Deloitte South Africa and many more.