It has been said that governance risk and compliance (GRC) prevents siloing. I would like to share a thought or two. There are no absolutes. Siloing can be bad, and at times, siloing can be good. Compliance is occasionally against siloing and occasionally for siloing. Compliance is all about bringing various groups together that were previously siloed, such as audit, risk, legal, HR, education, etc. We are the kings of silo prevention. The whole reason compliance works is because it brings groups together that were previously siloed and failed to produce results separately. However, there is a point of diminishing returns for the anti-siloing movement.
These other disciplines were occasionally pressured by others with a conflict of interest. Worse yet, they were forced to work with conflicted people and occasionally, work for them. They often got distracted by other sexy and interesting governance issues that had nothing to do with finding and fixing fraud. They got involved in cool risk projects for the CEO, such as the risk of putting up another building, opening a new office, or developing another project. These were projects that took time away from real compliance efforts and had nothing to do with fraud and abuse. The “compliance” efforts took a back seat and were diluted because they were not siloed.
Compliance has one imperative: Find and fix fraud and abuse. Combining governance risk and compliance occasionally creates a conflict of interest or dilutes the compliance efforts. The undue influence can come from being forced to work with others who have a conflict of interest. Because 90% of what governance does is unrelated to compliance, compliance takes a back seat or gets diluted. Because much of what risk does has nothing to do with fraud and abuse, compliance can end up taking a back seat. Part of risk’s overarching mission is to calculate the risk to the organization. Compliance’s overarching mission is to prevent risk to others from the organization. Sometimes compliance needs to be siloed from competing interests. On occasion, those competing interests become a conflict of interest.
Compliance is a new concept. Compliance is here because those who came before us failed. Those who came before us failed, not because they are not smart; they failed, in part, because their efforts were diluted and they were forced to work with and for people who had a conflict of interest. I am sure some of the logic was related to the fact that people didn’t want silos. However, they often failed because they were not siloed.
Siloing can be a bad thing, but there is no absolute. To have independence and to help remove conflicts of interest, by definition, you must occasionally silo. You can’t say siloing always helps just because siloing is generally a good concept. That is like saying transparency is always a good thing. Transparency is generally a good thing. However, if you print all of the hotline call acquisitions in the paper (like they tried in Ohio because of the open records law), innocent people will be harmed. Many accusations are wrong. Some are intentionally wrong. Transparency is generally great. The anti-siloing movement is generally great. They are just not always great.