- Many business consultants and “gurus” teach a complex process that only resolves one specific problem.
- Businesses seeking lasting success should focus on forward strategies & processes managed by: Governance, Risk Management, and Compliance.
- Governance and Compliance ensure performance with checks and balances while Risk Management represents a proactive measure.
Many business consultants and “gurus” explain complex process workflows that only solve one particular issue 😫
These solutions are frequently promoted as formulas that, when followed precisely, will unlock the infinite money cheat for any person or business. Regrettably, one size does NOT fit all.
The fundamental processes that need to be in place for the business’s long-term success are missing. Regardless of industry or offering, the best approach business owners can take for lasting success is to focus on their own processes: the core activities & behaviors that operate the business.
At the core of any process are these three components: Governance, Risk Management, and Compliance.
Governance is the system(s) put in place to make sure one role does not possess too much power. This is not necessarily meant in an insidious or diabolical sense. Rather, too much “power” or “control” in a certain area of business for one role can place the business at risk (we talk about risk in the following section).
Reporting is the most commonly used means of governance. While reporting is only one tactic for governance, choosing this strategy means you have clean/trustworthy data to analyze and act upon. If business data is flawed, this makes governance harder to achieve. Reporting should be designed to be simple and easy, if not totally automated. Otherwise, the human element will sway towards not doing it, or doing it sloppily.
Lastly, choosing the right data points is equally critical for solid governance. For some elementary processes, the data point might strictly be a “Yes/No” that this was done. Other elementary processes may need more governance than that. For a prime example of this, look at the food service industry. Keeping food fresh is important for quality and to prevent making people ill. Frequently, things like sauces will be prepared in large quantities. However, for governance, a sticker with an expiration date or time will be placed on the container holding the sauce. This way everyone recognizes when it is no longer responsible to serve.
Other non-reporting-based systems of governance can be straightforward, like dividing project work between two people (for example, to generate a target customer profile). The systems can also require more complexity, such as when managerial approval is required for a significant change. There isn’t necessarily a report of these things. However, if the process/method is written down somewhere & established, this can establish a source of truth for all involved. The group will govern itself on this particular process until formal reporting is needed (if ever), assuming the Risk Management and Compliance are being addressed.
There will invariably be risks when running a business and there are ways to mitigate them. The second component of any process is risk management. These are the meta-processes used to identify, analyze, and respond to risks that might adversely affect an organization. Payment processing companies like WePay represent a notable example of how companies manage risk. These businesses use processes (before an account is extended) to help them assess the likelihood of payment disputes and an organization’s ability to manage them. They also continuously monitor active accounts and sustain meticulous processes for governing those that do not follow the rules. Payment processors manage their own risk by managing the risk with their clients.
Not every shot in an action movie is an exploding car. Business is the same way. Things can be thrilling from time to time, but generally things are humming along. Risk management is the proactive stuff you can do to ensure that when things get exciting you don’t blow up with the car 👀
A simple example of risk management is giving a user access to different software accounts.
This can be done in a few ways. And each way can be broken down into a Standard Operating Procedure (SOP) of steps. At the end of it all, the user has access to the software they need.
Where does risk management come into play? Imagine this scenario…
A recent hire is onboard and needs access to a social media account. Which situation is less risky as far as granting access?
Option A – Share a username and password to an existing Facebook account
Option B – Grant access to the recent hire’s existing Facebook account
The first option is extremely risky, especially if you have multiple people logging in through the same username/password. This makes it nearly impossible to identify who caused what, and such behavior can trip spam filters and impact the account overall. Plus, a disgruntled employee could potentially utilize that information for nefarious mischief.
The second option allows you to give this user access as a user. Even if they don’t have an active Facebook account, make sure the new hire onboarding includes an appendix covering how a recent hire should configure an alternative Facebook account with their company email. This way they can still gain proper access. In that case, this produces another layer of risk mitigation: upon deactivating their email address (during offboarding) they will no longer be capable of resetting the password for that account.
Risk Management needs to be built into the DNA of your processes. For the new hire scenario above, the SOP steps would go through option B. This completely side-steps all the nonsense that comes with the riskier alternative. Once the SOP is live, it becomes an exercise in maintenance and repair. Over time things change and SOPs may need to be updated for one reason or another. Of the three components of a business process, Risk Management is by far the most challenging to master. Think of it like chess. You can never master it, only get better with time.
Ultimately, Compliance is the biggest and most important thing that keeps a business alive. An SOP with its distinct phases and steps establishes the basis for compliance. These are the literal checklists that direct the critical behaviors of the business, regardless of who is performing the duties. Any key business process that does not maintain any kind of documentation on “how to do this thing” cannot be subject to any governance. Each person’s interpretation will differ slightly.
Compliance works hand-in-hand with Risk Management. If things are designed to be done in a certain way, by ensuring that things ARE done in that way, the ultimate objective of the risk mitigation is achieved. The business process builder who created the SOP has done their best to ensure that, when doing things “right”, the business and its people (and customers) are protected. If an SOP is not being honored, then governance will surface it to leadership for improvement; Governance is important.
Lastly, Compliance is not only employees following the business’s rules and SOPs. Businesses must follow the laws and regulations that their government has set in place. These rules were established to create a Governance & Compliance balance for each business in their country. Businesses that do not take compliance seriously are exposing themselves to the risk of potential lawsuits. Flagrant breaches of compliance can lead to the closure of the business, so business owners must be aware of compliance laws in their industry. Legal compliance must be a key facet of your risk management practices across all SOPs. This is not the place to get cheap either. Make sure you pay for trustworthy legal counsel and mentorship from those who have done it before.
As we mentioned in the beginning, businesses seeking lasting success must focus on forward strategies instead of one-off tactics for an isolated problem. By now you can hopefully see how any long-term business process must consider Governance, Risk Management, & Compliance to grow confidently. Governance and Compliance ensure performance with checks and balances to prevent bottlenecks in work or abuse of power. Risk management represents a proactive measure that looks for situations that could harm the business and takes steps to prevent them before they happen.
With the foundational business process building blocks of Governance, Risk Management, and Compliance, any business can grow into a sustainable organization. To make it even easier, you can swipe our handy dandy Be Pro procedure template 👍
This business process builder template will serve to map out all 3 critical components & assist you while you accomplish your goals. And if that wasn’t exciting enough, you are going to receive the functional Google Docs version so you can make a copy, and start implementing it instantly!