Has Governance, Risk and Compliance gone South?

February 14, 2017 BY Frank Chin from iTGRC.Asia

Overrun of Governance, or a different connotation of Governance

I met an old friend who runs a service organization, a fairly large organization with more than 5000 employees. I understood some of the challenges from him and decided on a Governance assessment.
On the day we set up the first meeting, which was in fact a workshop, I sat down with a few of his senior executives. They each represented their department: Information Technology, Procurement, Operation, Human Resource and Special project groups. The discussion was highly interactive. As an independent executive advisor, I was intensely engaged in rounds of dialog. As time ticked by, I began to observe their cultural and leadership behaviour and the executive authority, all of which amounted to a syndrome of governance concern.
It begins with a highly energetic senior executive who sits in the role of managing the department heads (HODs). As part of her aspiration, she constantly pushes for improvement and new changes which are deemed true to the organizational health of its value proposition. Before long, each of the heads of department begins to experience challenges in aligning themselves with their leader. Consciously or subconsciously, they begin to lose traction with the organization, and each starts to exhibit different leadership behaviour and attitude.
From rounds of dialog in the same week, it came to me that the reality is not what was apprehended on day one as the governance concern; a couple of other concerns appear more apparent.
The motivation for the constant changes, striving for better performance and higher accomplishment, has led everyone to a different organizational dynamic. With an aggressiveness to drive multiple changes through, the leader of the HODs begins to introduce third parties to support her plan within the organization. Concurrently, the number of exception approvals has shown an upward spurt. As the pressure continues to build up and surround the departments under her responsibility, a form of withdrawal syndrome surfaces; the department heads struggle with their accountability, responsibility and decision-making rights. It becomes conspicuous when projects that come under their departments get redirected or assigned to the appointed third parties introduced by the group head, in the name of "different blood and reducing burden of friction". In one instance, an operation project, which aimed to implement the organization's workflow strategy, was routinely routed through the relevant stakeholders (the HODs) for independent review of Objectives and Alignment and validation of Risk & Compliance requirements prior to final approval from each of them. Instead, it later became the consensual view that they would leave it in the hands of the group head for final approval. Implicitly, this exhibits the lack of an element that helps ascertain independence, and is undeniably a valid cause for concern over executive authority.
On the same note, exception approvals beyond department head authority have, in parallel, increased tremendously compared with the past. They were enacted without a formal approval committee; although change management exists, it was several times ignored and overridden by higher authority.
In a nutshell, we see a negative influence of manipulation: an increase in workload that pushes beyond the boundary of normal management protocol and causes organizational fatigue, thus leading to neglect of the appropriate exertion of authority. I can leave the rest to one's imagination.
"Change" is the only constant, if it's in your dictionary. No doubt there are essential components of Governance, Risk and Compliance, as it seems to be, but when it runs without the discerning touch of an experienced Governance design, be it IT Governance, Procurement Compliance, or Business Risk & Controls, an organization will eventually face backlash, or it may even suffer the consequence of a stage "where good people who make sound decisions, possess good understanding of their subject matter and who commit to the company" begin to vaporize.