Ten warning signs your GRC needs improving

If you feel like your business is constantly fixing problems and you’re worried about your legal or regulatory obligations, then perhaps your Governance, Risk management and Compliance (GRC) is weak and systems need improving.

Here’s what we would suggest you look at:

1. Errors

Your firm is making errors, whether it’s individuals, teams, management or the firm as a whole. Whilst some errors are inevitable, when they are repeated, or lessons aren’t learnt from them, then this could be signs of more significant GRC problems. Recording of errors and near misses, and acting on them is key to building a robust framework .

2. Complaints

Poor service to customers or clients, poor quality or unsuitable products, or low productivity can be signs of problems with GRC; understanding why complaints are made and fixing the problem is essential.

3. Missing or ineffective processes

If processes no longer work properly, or are out of date, or ineffective, yet are still being used, then there could be a management problem or a reluctance to change things, because we’re too busy and that’s how things have always been.

Constantly seeking even marginal improvement is a sign of a good GRC culture.

4. Lack of monitoring, reporting, management information

If your firm doesn’t properly monitor what’s going it, then it can’t measure performance and identify areas of concern. If you’re not generating information, analysis and good reporting on it, and acting on the outcomes of the reports, then you may not be performing up to your potential.

5. Awareness of Risks

Perhaps you don’t have a risk policy, you don’t carry out regular risk assessments. Without regular risk assessments, you won’t know what could happen, and how you’d respond to events.

6. Few meetings

If you’re the sort of firm that prefers to do the work rather than have meetings, then you might be missing out on insights from different departments that would help the firm grow.

Perhaps your Customer Service and Sales Departments never talk to each other. Perhaps Management and Finance are always at odds over how best to spend, invest or save money.

7. Awareness of problems

Maybe you’re unaware of the problems your firm is facing. Perhaps you don’t have time to read the reports sent to you, or when people tell you that everything’s fine or you don’t need to worry, you believe them.

In the post financial crisis environment, senior management has no excuse not to know what is happening on the shop-floor.

8. How are risks reported upwards?

Without a process for updates, you may never know what issues are affecting your staff. They will generally know what is important in terms of risks to your sales and growth.

9. Complacency toward problems

Perhaps you’re aware of these or similar problems but are too busy to sort them out, think they’ll sort themselves out, or don’t think they’re that important in the grand scheme of things. Not taking time to quantify and prioritise is one of the most common mistakes.

10. Culture

You’ll want to make sure that all staff are aware of the obligations and requirements for your firm and your industry. You will have a way of doing things and will want staff to reflect that. But how do you do it in a way that is not patronising and rewards the correct behaviours? Setting the tone is an important element in rolling out best GRC practice. Easily forgotten, is it part of everyday communication? Can you be sure everyone has understood and is following through?


If this sounds a bit like your business, or perhaps you’ve had a couple of close calls with legal or regulatory breaches, or you simply want to know more about how your business works, now might be a good time to think about Governance, Risk and Compliance.

Rather than try and fire-fight problems as they happen, it makes more sense to reduce the chances of these sorts of problems occurring in the first place.

If you haven’t got the knowledge, time or resources to manage your GRC in house, why not outsource your GRC to us?

We’ve helped lots of small and large firms to manage their GRC. This has seen them improve their business practices, understand and mitigate their risks, and ensure they remain compliant with the rules and regulations they need to abide by.

What can we do for you? Why not contact us on +44 (0)20 7399 4980 or e-mail: info@complyport.co.uk and tell us how we can help you.