Finding GRC


Pixar recently revealed a list of “Easter Eggs” for its films, which basically confirms that all of our favorite Pixar films such as Cars, Brave or Toy Story are connected and part of one big happy, movie family.

The Easter Eggs are hidden (or sometimes not so hidden) surprises within each film that provide a reference to another movie. So, Lotso, the strawberry-scented bear who ruled with an iron fist and Southern accent at Sunnyside Daycare in Toy Story 3, can be seen lying on a child’s bedroom floor as the house in Up ascends past her window into the sky. Boo from Monsters, Inc. has a Jessie doll from Toy Story 2 in her toy collection, and Riley from Inside Out is standing at the aquarium in Finding Dory.

But that got me thinking. The Pixar team carefully created and plotted to make sure that the eggs were planted in the various films, and ensured the connection was made, even if only known to the Pixar creatives. It seems to me that in our family of stuff, meaning not family films but the umbrella of governance, risk and compliance (GRC) that we deal with in our businesses, we must be sure to do the same thing.

GRC should be a well-coordinated and integrated collection of all capabilities, and should break down silos between the major players (or actors) in the compliance realm, namely governance, strategy, performance management, risk management, compliance management, internal audit and other departments, to ensure that they work together.

When GRC is done right, the benefits accrue. Organizations that integrate GRC processes and technology across all or many silos have:

  • Reduced costs
  • Reduced redundant or duplicate activities
  • Reduced impact on operations
  • Achieved greater information quality
  • Achieved greater ability to gather information quickly and efficiently
  • Achieved greater ability to repeat processes in a consistent manner

When GRC activities are not connected, there can be trouble. When these activities are siloed or treated as their own movie, it is highly likely that wrong or counter-productive objectives will be established, sub-optimal strategies will be selected, and performance will not be optimized. Unfortunately, these departments and programs are often siloed, ineffective and yield troubling drawbacks such as:

  • Lack of visibility into risks
  • Inability to address third-party risks
  • Difficulty measuring risk-adjusted performance
  • Too many negative surprises

So, perhaps the best way to approach GRC-related activities is to make sure to take a step back and look at the whole picture. Develop a plan that contemplates incorporating and connecting key processes across business functions and units.

Be sure to watch the Pixar clip and prepare to be blown away (my kids were totally blown away by this).