GOVERNANCE, RISK, COMPLIANCE: A Brief History Of GRC
Recent Gauteng Business News
Governance, Risk and Compliance (GRC) is a concept that has of late become a key business issue around the world – and a three letter acronym that is seen by many as an organisational headache according to Jayen Vyravene, CEO of Quency . Locally, the recent implementation of King III in March and the imminent launch of the New Companies Act have seen organisations start to pay greater attention to their conduct at all levels in order to avoid facing penalties. This is a good indication that the right measures are being put into place. However, GRC is not a new concept and has been in existence for many centuries. As Carl Sagan famously said, “You have to know the past to understand the present”. To truly understand the full weight of GRC, one must understand its history.
The beginning of GRC
To find the first instance of compliance in history, it makes sense to look to the beginnings of corporations as we know them today. These took the form of ‘joint stock companies’ – a corporation or partnership involving two or more legal persons. The earliest one was formed in France at Toulouse in 1250, when the Société des Moulins du Bazacle (Bazacle Milling Company) traded 96 shares at a value that fluctuated depending on the profitability of its mills. With this development, and the subsequent responsibility and accountability of the board to the share holders, came the first inklings of GRC, which now forms the three-legged stool of organisations across the world. The Bazacle Milling Company continued to trade until as recently as 1946.
Another, more well-known early joint stock company that incorporated GRC was the East India Company, which was granted a Royal Charter in 1600 by Elizabeth I to trade directly with India. Although it started as a commercial trading venture, the company went on to virtually colonise India.
The East India Company, and other early English joint stock companies, paid out dividends to their shareholders depending on the profitability of each voyage. They were governed by their members democratically – ‘one man, one vote’ - irrespective of the number of shares held.
The ‘one share, one vote’ system was later adopted in America in the mid-1800s, and then by Britain shortly afterwards, giving power to the
The start of the modern compliance system
While it is clear that the concept of GRC has been practiced by all organisations in the past from their very inception– to some extent – and in varying ways, the origins of modern compliance systems are those that more closely resemble what we know today. It was at the beginning of the 20th century when these systems were first established, such as the Food and Drug Administration (FDA) created in 1906, when private business and government started to bump heads following the rise of the public safety movement and public safety agencies. From then on, health and safety became key areas of focus in an organisation’s compliance and risk strategy – mainly due to legislature pressure from government.
This public model of compliance was common until the 1970s in the United States– but subsequent corporate scandals – such as the Watergate scandal, changed how the concept of GRC was viewed. Corporations started to realise that instead of being ‘forced’ to comply with various laws, it was in their best interest to develop deeper insight into the overall workings of their business.
On a global level, the concept of GRC became increasingly significant during the 1980s and 1990s when many countries transformed from ‘command economies’
(state-controlled economies) to market-based economies – moving the control of the economy from the hands of the government to that of the private sector. This created an interesting dynamic between the stakeholders/ public, the government and the private sector – as we know it today. While the public votes in the government, it is the private sector that controls the economy. As such, the government is compelled to enforce legislation on the private sector in order to ensure economic sustainability.
History in the making – where we are now
The increasing influence of corporations on the lives of the public, both directly and indirectly, has led to greater responsibility being pinned on the private sector than ever before. Aside from the effect critical events like the downfall of the Lehman brothers on the world economy; the mere sphere of influence – from environmental impact to employee welfare – has highlighted the need for a change in the way the corporate world views issues of compliance. And rightly so, when one considers that many large corporations are now bigger than some of the world’s countries, and thus have a direct responsibility to more people than many governments do.
The recent addition of ‘ethics’ to the pillars of GRC is a tricky, yet necessary one. The need for organisations to start looking at their conduct from an ethical perspective has come about due to the realisation that compliance doesn’t necessarily equate to ethical behaviour. This is because compliance should not merely refer to compliance with law, but should also include compliance with the ‘internal voluntary regulations’ of an organisation.
GRC as a cultural heritage
While the history of GRC outlined above isolates several turning points in how the concept has evolved, it is important to realise that each country has inherited a unique framework of GRC, informed by its own history, culture and circumstance. In turn, how people within organisations react to the framework is informed by their history, culture and circumstance. The perception of the individual and the collective, power relations and cultural beliefs within a country will all influence how the framework will be received, and will create a specific set of challenges for its implementation. This accounts for the differences we see today in GRC frameworks across the world, and will account for the way each country’s framework evolves in future. It is also for this reason that it is vital to understand GRC as a ‘mindset’ rather than merely a legislative framework.
The bigger picture
The most important aspect that needs to be understood when it comes to GRC, is that its successful implementation depends on awareness and an understanding of ‘the bigger picture’ – right from the top to the bottom of the organisation. In other words, what is required is willing and voluntary cooperation on issues of GRC, something that can only be achieved with full buy-in from all employees within the organisation. Take for example the simple need for an organisation’s customer service agents to fully understand the need for ‘service with a smile’ instead of merely going ‘by the book’. If employees don’t understand the repercussions their actions have on the business, and in turn on them, they are less likely to buy-in to what is more a ‘mindset’ than a measurable ‘job requirement’.
On a larger scale, it is useful to think of GRC as a system of political governance such as democracy: it is one thing to implement the political system, but its real value is only seen when the public buys into the concept, and thus truly enforces it – by fulfilling their role of voting, for example. And this shift in mindset cannot be enforced overnight – it must come from the people themselves, and can only be encouraged by ensuring awareness and understanding of the benefits of the system to all.
As organisations start to feel the pressure to comply with various laws and guidelines they should keep in mind the bigger picture, realise the importance of the steps they are taking, and start to think about how they can start changing the mindset of the whole organisation towards GRC.
Business News Sector Tags: Management|