The McKinsey 7S Framework is a management model that dates back to 1980. It is a well-known model used to identify what needs to be realigned to improve performance, or to maintain alignment (and performance) during various types of change. The 7-P model has a similar function: to identify and curate the essence of Governance, Risk and Compliance (GRC) issues.
The model is published, among other places, in the book Playing Jazz in the GRC Club; the ‘Future Perfect’ of Governance, Risk and Compliance. In Part 1 of this blog we list the concerns that belong to every concept in the model. In Part 2 the answers to these concerns are presented. The model contains seven concepts, all beginning with a P. The two open connectors symbolize the current fragile transfer and connection points between the preceding and the next concept.
The main seven GRC concerns are:

Prudence
How to reinstate confidence? Society and government lack trust and keep issuing regulations to force the exercise of prudence and enforce transparency.

Provisioning
How to get help to cope with the flood of new regulations and expectations? Provisioning services from external bodies and providers are fragmented and lack structural, syntactic and semantic interoperability. How to control cost?

Policy
How to address continuous regulatory pressure?
How to assess the risk and impact of new regulations and changed conditions?
How to align business objectives and performance within the defined risk tolerance constraints?
How to manage strategic and operational risk, promote ethical behaviour and prevent fraud and other misconduct?
How to develop, align, distribute, communicate and maintain directives, policies, procedures and controls over their lifecycle?
How to provide meaningful insight from multiple perspectives?
How to manage and impose contractual mandates?

Fragile transfer and connection point
How to implement risk profiles with procedures and with preventive and repressive controls in the business? How to keep them up to date? How to plan controls?

Production
How to align, execute and enforce controls across many products, systems and business lines? How to get a 360-degree view of the client case context?
How to make risk-tolerance-aware decisions based on preventive controls?
How to automate decisions?
How to monitor and synchronize collaboration? How to treat every case fairly?

Fragile transfer and connection point
How to record, secure and access data? Transaction and interaction (arti)facts are kept in many places and are not linked to policy and controls.

Proof
How to monitor, control and assure compliance?
How to move from sample-based, backward-looking control to continuous, forward-looking control?
How to report in time from multiple perspectives, internal and external?
How to collaborate with different parties and roles?
How to provide liability and litigation proof from a dispersed landscape?
How to identify and detect internal risk?
How to mitigate risk?

Performance
How to prevent the business operating system from slowing down and the business from under-performing?
How to prevent working capital from becoming unavailable because of high risk reserves?
How to overcome technological limitations and growing complexity?
How to apply technology to optimize gradually and assure return on investment?

Profit
How to remain profitable and seize opportunities? Business as usual is cancelled; new market risks appear overnight and come from everywhere.
How to cope with change dynamics?
How to create trust with the regulatory authorities and prevent reputation damage?
If you like this post, please share it with your friends and colleagues. Thanks!