"When properly implemented, GRC can serve as a basis for efficient, ethical and faster service delivery, without burdening the governance and decision-making processes with undue bureaucracy," said Monelo Nxozi, senior manager: information security, it risk and governance at the Road Accident Fund.
It is necessary to clearly outline what are the critical success factors for efficient and ethical service delivery in the public service, he continued. "It is widely acknowledged that corruption and lack of accountability are the key concerns that underpin the failure of service delivery. These concerns point to fundamental weaknesses in the governance processes and compliance imperatives that must be observed in decision-making processes."
Against this background, it is important to note the key benefits of GRC, he stressed. These include:
i) Identification of appropriate and suitably qualified stakeholders who must drive service delivery;
ii) The implementation of governance structures who are tasked with oversight and accountability functions;
iii) Tools for analysis of risks and enforcement of compliance to relevant policies, regulations and frameworks; and
iv) The prioritisation of investments and review of benefits/value realisation (ROI).
"My view is simply that GRC principles are the same across the public and private sectors, even though the accounting and governance mechanisms may be different. It is important to maintain consistency across the sectors, so as to place the same burden of excellence and strategic alignment on the public sector as the private sector," said Nxozi.
"However, GRC practitioners need to demonstrate an understanding of the nuances of their different environments when they apply GRC principles. That way optimal value can be derived from the exercise and adequate alignment to the strategic objectives can be achieved. The alternative is to reduce GRC to a checklist exercise," he explained.
GRC is more mature in the private sector than in the public sector, he elaborated, for a number of reasons that include a better appreciation of the value of GRC by the boards of private companies.
"In the public sector, one needs to draw a distinction between state-owned entities (SOEs) and the departments across the various spheres of government. The Auditor General asserts that it is easier to implement IT governance in the SOEs than in the departments. The challenges that face the practitioners in the public sector relate to inadequate support from the top, budgetary constraints to implement appropriate tools, lack of appropriate skills, the complexities of the spheres of government, unclear guidelines and a silo approach," said Nxozi.
"There is a lot of drive and investment towards digitising content, cloud computing and use of mobile applications within the public sector. This is aimed at improving access to government services. What these innovations demand is not a change in the role of GRC practitioners, but they emphasise the need to position the role of GRC practitioners appropriately as a strategic function. This is the only way that the value of GRC can be optimised," he concluded.
Nxozi will be a speaker at the ITWeb Governance, Risk and Compliance 2017 conference that will be held in February at the Forum in Bryanston.
Share