Institutional checks and balances, civil society groups, and independent media saved South Africa from a $76bn nuclear power deal with Russia under the leadership of the then President Jacob Zuma, according to the Carnegie Endowment for International Peace report.
Released in December 2019, the report entitled, “Nuclear Enrichment: Russia’s Ill-Fated Influence Campaign in South Africa”, serves to underpin the importance of having checks and balances, in the form of effective governance, risk and compliance (GRC) protocols, in place to protect your organisation, employees and reputation. Improved governance and compliance policies could certainly have impacted the outcome of what is now termed ‘state capture’, further showcasing the importance of such at all levels of operation – from the ground up.
The challenge: How do you know what GRC system is best for your business?
“Choosing an effective system that has the potential to adapt based on operational requirements, growth and regulatory changes, is crucial to stay on top of your compliance needs,” says Bosman Stramrood, General Manager: Lexis® GRC at LexisNexis. He offers the following advice on kickstarting 2020 with a comprehensive assessment of organisational needs, operational environment and growth potential to enable the selection of an appropriate GRC system:
• Establish your needs: The size of a business and its potential for growth, whether or not it is locally based or multi-national, will impact the selection of a GRC system. With awareness of current and future needs, a risk and accountability assessment should be conducted which will lead to an appropriate approach, one that is able to adapt as the business grows.
• Check out the regulatory environment: Does the business operate in a highly regulated environment? Is it subjected to cross border regulations or does it operate in a domain that is currently undergoing regulatory changes? Consider other legal and regulatory aspects that will impact your governance and compliance requirements such as environmental and workforce legislation.
• Assess your resources: Do you have the necessary time, human and financial resources to implement, maintain and report on operations to ensure compliance and assess risk? Will current or future growth necessitate the employment of a full-time GRC professional, the establishment of a compliance team or the outsourcing of these, depending on the size of your operation and the level of compliance required by your operational environment? Acknowledge that outsourcing does require risk assessment and vendor vetting.
• Leverage resources: Look to technology to meet needs by subscribing to an online platform that not only provides the necessary “Tick Box” checklists, workflow systems and capabilities but ensures access to up-to-date resources, data and legislation providing peace of mind that all aspects of GRC are covered. Opt for a system that gives the option to add on modules as required due to operational expansion, provides insights to help assess and manage risk and keeps GRC professionals, management and board members informed and able to act with efficiency.
“An effective GRC protocol provides the necessary tools to effectively manage this essential, resource-intensive function within a business, preventing reputational damage and avoiding falling foul of the law,” says Stramrood.