Leaders must increase organizational capabilities or face obsolescence

We all know the importance of strong governance and leadership to survive in any business.  However, a decision maker is only as good as the intelligence he or she receives to make decisions, and the resources he or she possess to execute the decision.  Most of our organizations possess the pieces to this equation but few truly leverage them for optimal success. Most educated estimates reflect a very low (less than 50%) rate of true goal accomplishment.  We can all argue the statistics but how many of us can look at our personal and organizational execution levels and agree they are truly as high as we hoped? While leaders have always dealt with change, the pace and degree of change transforming the financial services landscape has never been more significant nor required such large (and risky) bets for which to position your organization for future success.

Just as we always have, leaders must increase the organization’s capabilities to deliver within the constraints and uncertainties of these new realities. Governance, risk and compliance (GRC) processes are an increasingly growing and important business capability in meeting these demands. GRC programs are simply a set of capabilities that when adopted and integrated assist in the execution of organizational goals in a way that meets the organization’s values, mission and legal requirements.

Major Components and Business Value Attributes

Board & executive intelligence, decisioning and control
  • Proactive and holistic view of previously unknown information, risks and opportunities
  • Added ability to make well-reasoned, risk-informed decisions and identify new opportunities
  • Greater assurance that the organization is effectively operating within the boundaries of risk appetite and expectations
Risk Optimization
  • Proactive and holistic understanding of risk
  • Increased ability to minimize uncertainty, limit undesirable exposures and elevate returns on risk taken
Integrated risk, compliance and assurance processes
  • Improved efficiency and effectiveness of individual programs through elimination of duplicative efforts, pooling and analysis of data, and central coordination
  • Improved compliance resulting in fewer audit and regulatory findings and enforcement actions
Resource utilization and alignment


The key to value comes from treating risk, compliance and assurance processes as a business unit with expectations to drive real business value and directly assist in the successful completion of organizational goals.  This is a major departure from the siloed programs today that focus simply on meeting an individual goal, most commonly just a regulatory checklist.

Organizations which mature in their capabilities around GRC will improve the agility for which they can utilize to position themselves regardless of the uncertainties and complexities of the future. To begin to understand and initiate change it is good to take stock in where the biggest needs exist within your own organization.

Questions you should ask about your credit union’s GRC capabilities:

*Norman Marks, “How Good Is Your GRC?”

  1. Are goals and strategies to achieve them clearly established and communicated across the organization, so that there are common goals and objectives?
  2. Does the organization work in harmony, sharing information and working towards shared goals?
  3. Is there integration between strategy-setting and risk, performance management and risk, budget and strategy, strategy and compliance, etc.?
  4. Are functions/processes/systems fragmented, inhibiting performance?
  5. Does the organization have a culture that embraces performance, intelligent taking of risk, and compliance with laws, regulations, and society’s expectations?
  6. Is performance measured and rewarded consistent with delivery of value, achievement of objectives, and organization values – long and short-term?
  7. Does management (at all levels) have quality, reliable, timely, current, useful information readily available when and where they make decisions?
  8. Is there a reliable view of risk across the organization?
  9. Is the voice of risk heard?
  10. Does compliance ‘chase the bus’, or is it part of strategy-setting and initiative decisions?
  11. Does the board receive timely, quality, reliable, current, and useful information to advise on strategy, monitor executive performance, and function effectively?
  12. Does the board have continuing assurance of the above?

In the end, whether called GRC, ERM or something else, these capabilities are a must for organizations who hope to thrive in tomorrow’s competitive marketplace.  Those who build a roadmap and begin maturing their capabilities will not only capture the immediate process improvements and efficiencies noted but will create a sustainable competitive advantage that will assist in the identification and achievement of the organization’s strategic goals.

I encourage you to learn more about GRC at CUNA Governance, Risk Management & Compliance Leadership Conference. Reshape your credit union by integrating governance, risk management and compliance to increase decision-making intelligence, reduces costs, discover opportunity-focused initiatives and eliminate redundancy.

Author: Tony Ferris, speaker at CUNA Governance, Risk Management & Compliance Leadership Conference and Co-Founder/CEO of Rochdale Paragon Group