Look, Mom! It's a Texas Moose!

In September 2010, my family moved from Seattle to Austin for a brief few months. We spent a lot of time in our first week driving around – to shopping malls, to parks, to restaurants, to movie theaters, to auto mechanics, and so on – trying to get to know the community. Driving around a lot all over Austin means you inevitably come across an Academy Sports location, and it’s there where we’d been told by several friendly strangers that we’d likely find a Texas Longhorns jersey for my 5-year-old football fanatic son.

“Look, Mom! It’s a Texas moose!”, he blurted out shortly after we entered the store. Looking to where his finger was pointing, we indeed saw a big 10-foot-tall inflated Texas moose, complete with cowboy hat, burnt orange shirt, T-logo bandana, and saddle pants. Except that since we were in Texas, of course, this moose was actually a longhorn. We laughed at it then, thinking "You can take the boy out of the Northwest, but you can't take the Northwest out of the boy," and we still laugh at it today.

I bring up this story to illustrate a point: Things are not always as they seem. Such is often the case when an enterprise organization takes it upon itself to manage its own Governance, Risk Management, and Compliance (GRC). It does so without consideration of what other organizations are doing about GRC. To make matters worse, many other organizations in the same enterprise are going about managing GRC on their own too, and so in reality the whole enterprise has multiple separate and disconnected efforts that are instead combining to increase the company’s risk and decrease its compliance. This outcome could be avoided.

Mistaking a Texas longhorn for a Texas moose was a laughing matter for sure. Mistaking a disconnected GRC management model for a connected one is not. But while moving to a connected GRC program generally isn’t easy, it is achievable over time. It simply requires systematically working through the data, process, political, and behavioral challenges that modern organizations typically deal with during times of change.

Let’s be honest: GRC management is not one of the sexiest or most noticeable responsibilities to own in an enterprise. Problem is, it’s dang important. To solve it by converting it from a disconnected yet well-intentioned effort between separate functional organizations to one that makes siloes irrelevant requires expertise that enterprises generally don’t have in-house, at least not from willing employees. Bringing in outside expertise in the form of a managed GRC as a Service (GRCaaS) is the better route.

Don’t be fooled in to thinking that you have a Texas longhorn when you really have a Texas moose. To learn more about solving your enterprise GRC needs with GRCaaS, give me a shout.