GRC Thinking Step 1 – Understanding the Organization and its risk and compliance profile

Simply put, understanding the organization consists of understanding both internal and external context with regards to the purpose of the business system being managed.

Internal context may consist of the company’s missions, core values, vision, objectives, direction, organizational and contractual obligations. We need to understand and identify how this system ties in with the organizations overall goals, how it can support these goals and what other internal factors are in place that may affect the system.

The Illustration below shows how we apply this First Step of our “Simplifying GRC in 5 Steps” thinking

GRC Thinking Step 2 – Understanding the people and the governance, risk and compliance structure in the organisation

It is often said that organisation roles and responsibilities are the foundation of any successful business no matter how large or small. Employees that understand their roles in a business organisation and see where they fit in the hierarchy of decision-making and authority, are more likely to perform their jobs well and feel secure in what they’re doing.

We would agree with the above statement but go one step further and say that people are the most important assets of an organisation. However an important thing to bear in mind is that due to their importance there needs to be an organisational culture that inculcates and creates an environment that frees the talents of people so that they become a team of people who naturally want to grow through their own personal contributions for the better of the organisation as a whole.

This is how employees become enabled because when they see that their contributions are regarded as important to management’s decision-making process, they feel they are part of the bigger picture and not just a number. Having been a Management Consultant for over 20 years with many different companies I can attest to this.

Where I have achieved the highest levels of success through my own contributions has been in Client projects where the project team understand that the goals of project align with the strategic goals of the Organisation. This because they already know they are part of the bigger picture by being part of an organisational culture and environment that inculcates and creates employee enablement where they feel enabled to contribute.

Therefore, at Synergygrc we have adopted the People-Process-Technology approach as central to our business philosophy. When we engage with Clients as part of our advisory services, we help in the development of sustainable business strategies, goals and objectives for the benefit of both their internal employees and external stakeholders. This contributes tremendously in our journey with the Client as we look deeper into the governance structure and organizational processes.

It is here where we begin to look at the companies processes to ascertain the linkages to the company’s strategies, goals and objectives and how they are disseminated to the processes. We do this by carrying out a Process Gap Analysis that visualizes and maps the processes in place incorporating roles, responsibilities, standards, guidelines and procedural requirements.


As management consultants we find it is always important to ask the right questions when engaging with our Clients, but at the same time make sure that the questions are based on active listening and are pertinent to the discussion. Peter Drucker famously said, that “My greatest strength as a consultant is to be ignorant and ask a few questions.”

Pertinent questions can only come from active listening. There are 3 Pointers we keep in mind when asking questions to our Clients;

  • We need to be thoughtful
  • We must reflect on the Clients position
  • We must explain why we are asking (explain the context of the questions)

These pointers work in any Client engagement whether one to one or one to a group. Regarding listening here are some things to remember that can be impressed on the Client if they pick up that you are not listening to them;

  • You do not care about them.
  • You think you understand them before you know them well enough.
  • You answer their problems, but they have not fully explained what their problem is.
  • You cut them off before they have finished speaking.
  • You finish their sentences for them.

Many of our questions are structured through a gap analysis process that we carry out with Clients that assists us in recommending the best fit systems and technology solutions. It’s always best to see a gap analysis as a guidance process rather than asking questions exactly as listed on a checklist. This implies as consultants we need to think broadly about the answers we are looking for and more laterally about what other questions we need to seek answers for. When we apply this in action it serves three purposes;

  • Gets to the facts
  • Assists the Client to think differently about the situation
  • Allows the solution to be discovered

What’s important as an outcome for us is that whatever the situation the solution must not be based on our own bias. Dogbert the famous character created by Scott Adams illustrates this humorously.


When we look at the solutions the outcome must be one that addresses a real need. For example, help to improve the quality of policy or program decisions—thus leading to improvements in performance and the accomplishment of desired results.

Similarly, the results of a gap analysis must guide subsequent decisions regarding recommendations of best fit systems, improvements and technology solutions that will lead to achieving desired results.

In conclusion asking the right questions is productive, positive, creative, and can get us to the to the answers that address the real needs. Many people do believe this to be true but still struggle to achieve results. Perhaps one of the reasons for this is that effective questioning requires it be combined with effective listening.

“To raise new questions, new possibilities, to regard old problems from a new angle, requires creative imagination and marks real advance in science.” - Albert Einstein

Step 4 – Recommending best fit GRC management systems and technology solutions

In this Step we cover how we assist organizations to define their strategy and understand their processes then recommend the right GRC technologies that provide the information and technology architecture to enable the strategy and process and not handicap it.

Risk is Important

Risk is arguably the most important element of GRC because it sets the framework for how a organization should tackle governance and compliance, including the controls needed to be put in place as well as how they’re governed. Risk management also happens to be one of the biggest obstacles for organizations today because it requires that you know where business-critical assets are and what the risk profile is for each. In a world where organizations are battling complex infrastructures and endless data sources, this is a tough thing to master.

What is GRC?

But to implement a GRC strategy, you first must understand what GRC is:

  • Governance: What and how well an organization does what it does and why.
  • Risk Management: Understanding where critical data, processes and operations are housed, along with an understanding of the organization’s appetite for loss.
  • Compliance: Controls an organization implements to achieve compliance mandates.

Each of the core disciplines – Governance, Risk and Compliance – consists of four basic components: strategy, processes, technology and people. The organization’s risk appetite, its internal policies and external regulations constitute the rules of GRC.

The disciplines, their components and rules are merged in an integrated, holistic and organization wide manner and aligned with the organizations operations that are managed and supported through GRC. In applying this approach, organizations can achieve their objectives through ethically correct behaviour, improved efficiency and effectiveness of any of the elements involved

Integrated GRC Programs

A GRC program can be instituted to focus on any individual area within the organization whereas a fully integrated GRC program is able to work across all areas of the organization, using a single framework.

The GRC Technologies can be broken down into 3 main areas

  • Integrated GRC solutions (multi-governance interest, organization wide)
  • Domain specific GRC solutions (single governance interest, organization wide)
  • Point GRC solutions (relate to organization wide governance or organization wide risk or organization wide compliance but not in combination)

We come across all 3 of these and more commonly what we recommend with Clients are Integrated GRC solutions because an integrated solution aims to unify the management of these areas, rather than treat them as separate entities.

An integrated solution can administer one central library of compliance controls and manage, monitor and link them to every associated governance factor. For example, in a domain or point specific approach, three or more findings could be generated against a single activity. With the integrated GRC solution because it has an integrated relational database recognizes this single activity but will also relate it to any number of mapped governance factors applicable, for example; Quality, Health and Safety, Business and Information Security and Environmental Sustainability among others.

In Summary

In a growing regulatory environment, higher business complexity and increased focus on accountability has led companies to pursue risk and compliance initiatives across the organization. However, these initiatives if uncoordinated in a company where risks are interdependent and controls are shared can lead to gross inefficiency, duplication of efforts and a silo view of the company.

GRC Technology solutions systems through control, definition, enforcement, and monitoring can coordinate and integrate these initiatives and address the above-mentioned issues. Based on this our goal is to work with Clients to determine what is the best purpose fit or best of breed GRC Solution that will meet their needs at an investment that will provide them with a solution that assists leadership to make informed decisions with access to intuitive and predictive information analytics*

Step 5: Moving the business forward with intuitive and predictive information analytics

Businesses currently have access to more data than ever before but utilizing this data to provide actionable and informed decision is the challenge many organizations face. Business intelligence therefore plays an important role by converting the data into useful information that can be used to inform business decisions and improve company efficiency and performance.

Predictive analytics tools play a crucial role in optimizing and improving business functions and processes across the whole of the business as it they make sense of big data and other sources to predict future outcomes.

The example diagram below (Figure 1) illustrates the importance of analytics to the whole of the business’s operations.


Figure 1

Historically analytics have been in the main descriptive as opposed to being predictive. Descriptive analytics are important for understanding the past, predictive analytics are vital to the success of a company both now and in the future as the following diagram (Figure 2) shows pictorially.


Figure 2


Historical data is collected and converted into relevant information that can to a point inform business decision making and make some impact on performance. This form of analytics has limitations when it comes to forecasting because it is descriptive.


Predictive analytics work through a specific sequence of modeling the data, training the data model, and drawing accurate predictions of future outcomes. This enables businesses to create and test hypothesis using the data models. Through this process, companies can create accurate models of future outcomes. Being able to forecast future outcomes accurately brings immense benefits for businesses.


 Using our example in Figure 1 let’s explore some examples where predictive analytics can help:


For businesses the capability to accurately predict the needs of customers is a fantastic opportunity. With the help of AI technologies and predictive analytics, companies can shift their marketing away from informed guesswork towards an accurate prediction of customer needs drawn from data.


When businesses look to bring new products and services to market, there are plenty of variables that can affect the design stage and success of the final product. Companies often resort to guesswork when estimating project length, budget, and customer demand.  Predictive analytics helps businesses overcome these design pitfalls and provides several other benefits:


Predictive analytics tools can help companies verify the concepts for new products and services, assisting the design team in testing and refining the design and launch process to ensure the product is the best it can be before reaching customers.

Product Development Management

Predictive analytics can provide the insights needed to create an accurate roadmap for bringing products to market – providing accurate information on the current state of the product, what the product should look like and what is needed to reach that result.

Market Potential

A key benefit of predictive analytics for businesses is to accurately predict the demand and market potential for products and services before they go into development, reducing costs, and improving efficiency. Businesses can estimate how a product will be received by customers at the concept design phase by being able to predict demand and feasibility before moving to the next stage of development where a more significant financial investment is required.


Pricing strategy is an area where businesses can see fast results and tangible return on investment from the implementation of predictive analytics. Drawing from historical pricing information, current market trends, competitor pricing data, and other sources of data, predictive analytics can help companies optimize future product pricing for maximum profitability.

Predictive analytics empowers companies to delve deeper into customer segmentation, product information, and purchasing situations. Through analyzing this data, companies can identify trends and patterns to inform and optimize pricing for maximum profitability.


The key to efficient budget setting allocation is to identify which platforms and channels are delivering the best results for ROI. Predictive analytics can be used to analyze data according to the KPIs for marketing goals, highlighting which channels and platforms are performing efficiently and which are not.

The marketing channels and platforms that are offering below expected performance are identified and can be allocated a smaller percentage of marketing spend, lifting the overall average of marketing spend by allocating more budget to the channels with the best performance.


It is vital for businesses to gain an understanding of how the market and customer preferences are likely to change and evolve moving forward. The value of any product is built upon the worth customers place on it. It’s important that businesses how customer product demand is changing and ensure they are fulfilling the demands of the customer now and in the future.

Predictive market analysis enables businesses to utilize all the available data to understand the current and future trends that will shape the market. With this information, businesses can create a strategy that will position them to take advantage of opportunities, increase market share, and be robust to disruption and new competitors.

Predictive market analysis can reveal how customers perceive a product or service, and the customer needs that have yet to be satisfied by the business or its competitors. Predictive analytics empowers businesses to understand their target audience better, increase the connection with customers by meeting their needs, and identify areas for additional revenue and growth.


While the capabilities of predictive analytics are already here, most businesses are still in the early stages of adopting and utilizing this technology. However, this form of accurate and fast business intelligence will be the crucial differentiator between success and failure moving forward. There are plenty of reasons to embrace predictive analytics, but perhaps the most convincing argument is the simple fact that it is a way to predict future outcomes. While descriptive analytics provides conclusions drawn from past events, predictive analytics provides actionable insights for businesses looking to serve their customers better both now and in the future.

For more information contact us at


Resource Search


Get every new article on your e-mail