Large organisations need governance models and risk policies with company-wide standards that are easily applicable throughout the business. But how can you set standards at an enterprise-wide level without eradicating autonomy at a business unit level?
Getting company-wide support is key to any large-scale business change and developing a new governance model or improving an existing one is no different. Any new approach should be based on an efficient, effective and consistent process for developing requirements and standards that can be applied across the organisation.
What are members doing?
Our members – CROs and risk leaders from large corporations across the world – are collaborating across a series of meetings on organisational governance frameworks, sharing good practice and working together to produce a best practice framework accessible on our Intelligence platform that considers:
Overarching document framework and hierarchy
Principles for setting mandatory requirements
A “policy for setting policy”
Accountabilities for developing and maintaining controlled documents
The use of technology or systems for supporting the framework
Within the network, members are discussing current efforts to establish governance models with just the right balance when it comes to global versus local standards. Many of these companies are in the early stages of redesigning their governance models with this aim.
Members have access to good practice approaches already shared by other members on our Intelligence platform. Here, we summarise just some of the key findings.
Get the right people involved
The importance of getting employee input as part of any attempt to redesign global governance – and indeed any risk transformation programme – seems key for many risk leaders.
In addition to supporting the communication of new standards or requirements, this will help boost visibility, enabling the risk team to ensure the governance model is useful and effective for all parts of the business.
Employees can participate in this process through workshops designed to allow them to discuss important issues and concerns. While this can be time consuming, some of our members gained high-quality information from such an approach. In fact, many found their colleagues were more than happy to share in this way - one-on-one meetings lasting several hours were even requested by some employees.
Networks made up of business unit champions can also help to gauge progress and relay governance information in both directions. Similarly, installing senior risk team members at department or business unit level can provide greater visibility of how standards and requirements are being received, understood and adhered to throughout the business.
For some of our members, tying the organisational governance model more closely to their company’s three lines of defence is a major aim of the redesign process. One company hopes to categorise requirements and assign ownership to second-line employees. These owners will then be responsible for defining top-down requirements and aligning them with local requirements.
This will ensure global standards are fit for purpose locally. In addition, embedding this kind of two-way communication within the governance process will help the risk team to detect and manage any variations to global standards that may crop up at a local level.