PREVIEW: Chapter 7 – Executive sponsorship
Chapter 7: Executive sponsorship (excerpt)
If the success of a risk management or GRC program is reliant on one thing, it’s the executive support it needs to flourish. At first that support is required when somebody within the organization articulates the need to be more effective and/or more efficient in managing the ever-increasing levels of threats, vulnerabilities, and therefore risk in the organization. That first person may be taking a career risk by suggesting that the organization should evolve, or do things differently than how they’re done today. Face it, it’s hard to get people to change if the processes they have today are working, painful as they may be. The old adage “If it ain’t broke, don’t fix it” rings loudly.
So how do we effect change in an organization if the natural reaction is reluctance to change? Change can only last if it is a priority from the top down, and that is why executive sponsorship is so central to the success of any program. A GRC program is no different, and in fact I would argue it’s actually even more critical to have strong executive support, given the importance of effective risk management in most organizations today.
The difference between a GRC program with and without a visible and vocal project sponsor is like night and day. Without a sponsor, the short-term priorities of the day take over and the big-picture importance becomes less obvious because something else has taken center stage in the conversation. The executive sponsor needs to keep the topic on the table at most meetings, even if only to suggest that other parts of their mandate will be informed by this initiative.
Not to overstate the importance of strong (and visible) executive sponsorship, but it really does make the difference between a program that is effective and successful and one that is not.
Here’s the trick though: A sponsor is putting their career on the line to support the program, and the higher the perceived risk, the harder it will likely be to find a sponsor! If your organization is about to make a major pivot like implementing a risk management platform, define the goals that deliver value as quick wins and have a roadmap for additional value in subsequent steps. This approach of incremental risk and reward will help build confidence with the appropriate levels of sponsorship.