I’m currently working with an organisation who have an established operational risk management programme. They have functional risk registers which are updated on a regular basis. They have project risk and issue registers for their key change programmes. They produce a consolidated 5×5 risk matrix of the top scoring risks for escalation through governance.

You may have heard the term Governance, Risk, and Compliance (GRC). Most people recognise the individual terms but may not appreciate how they work together. GRC not just an acronym or a tick-box exercise. GRC is an umbrella that brings together a number of capabilities so they work seamlessly together to deliver company objectives.