Irish organisations are operating in a rapidly changing business environment. The war in Ukraine, the lingering aftermath of the pandemic, and the shift to new ways of working all give rise to new risks, including cybersecurity threats. Boards must respond with an intensive focus on governance, risk, and compliance (GRC) as a means of achieving organisational goals at a time of increasing uncertainty.
Boards should view these challenges as opportunities to verify the effectiveness of existing GRC arrangements, to foster continuous improvement efforts and to make progress toward a holistic GRC management system environment that helps drive long-term value and resilience.
Keep reporting on track
It is the role of the board to monitor management’s performance against the strategic objectives of the organisation, and to understand how risk and uncertainty are affecting the organisation’s ability to achieve those objectives. Regular, timely and comprehensive management reporting allows the board and the audit committee to continuously monitor both the appropriateness of the design and the operating effectiveness of GRC systems.
The COVID-19 pandemic, in particular, has demonstrated the importance of GRC systems for addressing critical situations such as health risks, business interruptions, breakdowns in supply chains and financial losses. As a result, organisations have had to act fast and, in many cases, rethink their approach to operational resilience.
Data breaches pose regulatory and reputational risks to Irish and European organisations. Organisations that have insufficient security solutions to protect their systems, networks and data can potentially be fined up to €20m or 4% of their annual global turnover under the General Data Protection Regulation (GDPR).
And the risk level continues to rise, with 77% of the respondents to the EY Global Information Security Survey 2021 saying their organisation had experienced a rise in disruptive threats over the previous 12 months.
Need for integrated GRC systems
Overall, the events of 2020–21 have highlighted the necessity for organisations to adopt integrated GRC systems to support the achievement of organisational goals, effective emergency management and a culture of integrity during times of uncertainty. By adopting integrated GRC systems, organisations are more likely to respond to and recover effectively from crises, and to transform potential problems into business advantages.
Failure to adopt an integrated approach to GRC can undermine the board’s ability to provide effective oversight on risk and controls, and lead to potential exposures that could jeopardise the organisation’s ability to continue as a going concern.