GRC covers both, regulatory and non-regulatory standards. But it must be noted that a major portion of GRC is driven by non-regulatory standards. Especially subjects like, corporate governance, industry practices, business practices, customer data, executive compensation, environment risks and the list goes on. And this is applicable to PropTech as well, given its connect with property and the built environment. For instance, a basic preventive maintenance process would form part of the GRC for PropTech, so also Operational risks or Environmental, health and safety impact.
Companies often do not pay enough attention to the non-financial GRC or to the Operational GRC. If one looks around, one would find that most organizations invariably, do not have a chief GRC officer or a Risk officer or even an internal auditor. The finance department is generally alluded to as the de facto custodian of Risk and Governance. And in such an environment GRC cannot play a strategic role or have any influence on the business objectives.
Financial GRC is pretty much straight forward. There are a definite number of regulations and regulators to deal with. And the resources to deal with the topic are available at hand, be they accountants or book keepers. There is a well-oiled machinery at play in the finance department probably with a single software used by each one in the department. On the other hand, Operational GRC is completely different. There are multiple standards and multiple regulators to deal with, in the government and out of it, within the organization and with the co-existing environment.
Maturity @Operational GRC is not at the same level. Qualified or skilled personnel to run an OpsGRC seamlessly, are either partial or non-existent. A typical scenario from a board room maybe that the risk being discussed has a huge operational tint to it and the people addressing the problem have no connect with Operations.
GRC plays an all-encompassing role for the business. Quick demarcations basis skills and precise governance will benefit the business immensely in capturing risks quicker and with faster turnarounds.
A good starting point therefore, could be, to clearly demarcate the GRC responsibilities and accountabilities between the Finance cum regulatory and the operational cum non regulatory functions.
