Entrepreneurs don’t grow up daydreaming about risk management and compliance. Personally, I never gave governance, risk or compliance (GRC) a second thought outside of making sure my team completed required compliance or phishing training every so often.
So, when I was tasked with leading the General Data Protection Regulation (GDPR) compliance initiative at a previous employer, I was far from my comfort zone.
What I assumed were going to be a few small requirements regarding how and when we sent emails to contacts based in Europe quickly turned into a complete overhaul of how the organization collected, processed and protected personally identifiable information (PII).
As it turned out, I had completely underestimated the scope and significance of the project. My first mistake? Assuming compliance was “someone else’s issue.”
Risk management is a team sport
No single risk leader can alone assess, manage and resolve an organization’s risk cap. Without active involvement from business unit leaders across the company in marketing, human resources, sales and more, a company can never have a healthy risk-aware culture.
Leaders successful at creating that culture instill a company-wide team mentality with well-defined goals, a clear scope and an agreed-upon allocation of accountability. Ultimately, you need buy-in similar to the way a football coach needs players to buy into the team’s culture and plays for peak performance. While the company’s risk managers may be the quarterbacks when it comes to GRC, the team won’t win without key plays by linemen (sales), running backs (marketing) and receivers (procurement).
It’s a risk leader’s job to facilitate conversations around risk and help guide business unit leaders to finding their own risk appetites. It’s not their job to define acceptable levels of risk for us, which is why CMOs, HR and sales leaders have no choice but to take an active role in defining risk for their departments.
Shifting my view on risk management
If I’m being honest, I only used to think about risk management in terms of asset protection and cost reduction. My crash course in risk accountability opened my eyes to the many ways GRC can actually speed deals and, moreover, drive revenue.