"Do you want fries with that?"

My first real job was at McDonald's shortly after I turned 16, and one of the mottos there was "Clean as you go." What does this mean? At McDonald's, it meant you never let your hands or feet be idle (unless you were on break). If you weren't cooking, taking an order, or filling one, you were cleaning, stocking, sweeping, mopping, taking out the garbage, or doing whatever else would prepare you for what might come next. And, of course, you always kept things as clean as possible.

Fact is, I don't recall ever asking any customer, "Do you want fries with that?" That phrase seems to have been the unofficial motto of McDonald's for decades. But I do remember thinking "Clean as you go" almost constantly. If I didn't clean as I went, I risked having a manager ask me (or tell me) to clean up, and I did not want that to happen. It wasn't that I minded cleaning up; it's that I wanted to avoid – you could even say manage – the risk of my manager calling the need to my attention.

This leads me to the topic of risk management. It goes hand-in-hand-in-hand with governance and compliance; together, the three form the acronym GRC. Every company, no matter its size, needs to think about GRC to some degree. In the simplest terms, think of governance as the rules, compliance as following the rules, and risk management as identifying the potential issues or events which, if they were to occur, would put following the rules at risk. Managing the relationship between the three sounds simple in theory, but it can be quite complex in reality.

Particularly in larger organizations, the complexity in that relationship typically results from different parts of the business maturing at different rates and being resourced – in people, processes, and technologies – at different levels and at different points in time, driven by past business growth and priorities, and in what sometimes seem like completely separate functional silos. An integrated GRC program either eliminates these silos or prevents them from operating completely independently of each other, enabling common processes, taxonomies, and technology infrastructure that both streamline risk and compliance efforts and build a risk-aware organization.

The cultural impact of an integrated GRC program can be tremendous. The corporation comes to see managing risk – cleaning as it goes – as a key ingredient of business success, not as an obstacle to progress. So how does a company best go about building an integrated GRC program across these silos?

Given the low success rates of most in-house corporate GRC programs, GRC as a Service (GRCaaS) is the best route to follow, and thanks to my industry connections, I can help. When operated with a focus on business needs first and functional needs second, GRCaaS can transform GRC into a competitive advantage built on best practices and high quality, without burdening and disrupting clients by making them implement new technologies or add and reallocate headcount. As a managed service, it can provide GRC tools, expertise, and standards in one cohesive program, with custom processes and applications designed for high performance, accuracy, and efficiency based on a client's unique organizational culture and risk tolerance.

Bringing governance, risk management, and compliance activities together in a managed service not only expedites their integration while maintaining focus and efficiency, but also creates a competitive advantage. To get started down this path, gimme a holler.

Rich Casselberry

VP of IT Security, Architecture and Compliance at ATN International

8 years

That and "Time to lean, time to clean". Great article.
