Governance, risk, and compliance are closely related terms, especially in the context of BPM, where risk management, information transparency and the implementation of processes within set rules are basic guidelines.
To understand more about governance, risk and compliance, and how they interrelate in the context of process management, we need to understand each of these concepts better, studying their most accepted definitions.
Definitions of governance, risk, and compliance
Corporate governance and process governance
Corporate governance can be defined as a system used by organizations to manage, monitor and motivate themselves to achieve their goals with full control and recognition of their abilities and skills.
It involves the relationship with various stakeholders, such as partners, shareholders, the board, non-governmental organizations, the management team, regulators and financiers, the community and employees, among others.
The objectives of corporate governance can be summarized as follows:
- Converting the company's principles and values into actual rules.
- Formally aligning the interests of stakeholders.
- Providing sustainable economic value for the company over the long term.
- Facilitating the company's access to resources.
- Improving the company's business and management conduct.
- Promoting the common good of society.
Process governance is a more particular concept.
We can say that process governance lays down rules and guidelines for the administration and execution of processes in an organization, determining who is responsible for each process and the role of each person involved in it, with the following objectives:
- To optimize processes.
- To eliminate inefficiencies.
- To determine the risks.
- To define risk prevention and contingency initiatives.
- To achieve the strategic goals of the company.
- To fully meet customers' expectations, whether internal (process) or external.
Risk is the possibility that a loss, damage or failure will occur or, on the other hand, the possibility that an advantage or benefit will arise for the company, analyzed in terms of its magnitude, that is: how likely is a particular risk, and what are its consequences?
Note that the concept of risk is not always negative; it can mean an opportunity as well!
Risk management, in turn, is a process. It aims to make the most of the advantages and to minimize the adverse impact of risk on the company through planning, organization, and the management and control of human resources and business matters.
Since risks (positive or negative) can affect value creation in the company, there is a direct relationship with process governance and compliance, as we shall see.
The main downside risks that can have an impact on a company are as follows:
- Systemic risks: information systems that are inefficient, inadequate, obsolete or prone to failure.
- External risks: factors beyond the company that interfere with its internal environment, such as climate, infrastructure failures, political events, international circumstances, etc.
- Personnel risks: when employees are not prepared to meet the needs and achieve the strategic objectives of the company.
- Process risks: when the business processes do not match the performance that must be reached.
As we said, governance, risk, and compliance are closely linked, as will become much clearer in this section.
Compliance is defined as acting within the rules. Acting within the BPM rules involves avoiding risks when they are negative, and taking advantage of them when they can add value to the business.
More objectively, compliance means that every company has to dutifully comply with the laws, with supervisory determinations, with the requirements of regulatory bodies and government agencies, and especially with the internal guidelines established by governance, such as ethics manuals, company values, and risk prevention standards.
A compliance example often used by businesses is obtaining ISO certifications. Certification ensures many types of compliance with rules that not only bring more support and value to the company but also provide processes that follow well-known techniques and adequate standards. It also shows society that the business has values, such as environmental responsibility, ethics, adherence to accounting standards and others.
As you can see, governance, risk, and compliance are issues that have many points of contact with each other and must be addressed together in a company.