Pushing ahead in the post-pandemic era with Performance Management, Governance and Risk capabilities - Webinar Summary

In this new normal, the traditional approach to business planning has changed forever.

On 8 March 2022, Straits Interactive and DPEX Network held a webinar which tackled the challenges the post-Covid-19 world has brought to the traditional strategic planning process.

In this VUCA (volatile, uncertain, complex, and ambiguous) world, businesses must search for a better framework to help them recover quickly from unforeseen circumstances. At the same time, the degree to which businesses can leverage the opportunities that arise from such uncertainties also dictates whether they die, survive or thrive.

The panel of speakers were:
• Mr Charles Ng, Independent Director & Advisor and Former Group CFO of Como Group
• Mr Goh Liang Kwang, GRC Advisor and Former Deputy Commissioner of Police
• Mr Kevin Shepherdson, CEO, Straits Interactive

To watch the webinar in full, please sign up to be a DPEX Network community member, log in and visit the Resources > Videos section on www.dpexnetwork.org, where the evergreen recording will be made available within two weeks following the webinar.

Traditional strategic planning is obsolete

Prior to the onset of Covid-19, the planning process was more straightforward. A company would set out its objectives, formulate strategies, and devise the corresponding tactics that it would deploy to achieve its goals.

However, the pandemic has revealed the inadequacy of this model.

“The trouble is that when something happens in the middle of the year, like in 2003 we had the SARS outbreak, suddenly everyone wakes up. [We realised that] this has not been budgeted for,” said Goh.

“You never imagine that a health crisis would strike the whole island … We always neglect the part about what could possibly happen that could upset our plan, and never think of the downside – the risk part,” he added.

“So our budget, strategic planning and technical planning are always done in isolation, without thinking about the possible risk scenarios, how we can react. And therefore we need to actually pull out some plan on how we can have a contingency plan and a contingency budget to cope with the crisis. This has happened with Covid-19 as well.”

Although many people take the time to set objectives at the beginning of the year, they eventually find themselves facing unforeseen circumstances which impact these objectives. The planning then becomes useless, and traditional frameworks are obsolete.

An opportunity for The Great Reset

As businesses recognise the limitations of such frameworks, many have shifted from conducting the usual five-year strategic plan to a rolling 24- or 18-month strategic plan. However, the siloed approach of this model is what makes it insufficient in tackling the post-pandemic challenges of today.

“This is what I call ‘The Great Reset’. Basically we are going back to ground zero. And one piece of advice that I tell my clients is this: When you look at a tree, you are only looking at the individual risk, but if you begin to look at it from a forest perspective, you begin to see the interconnectivity of risk and objective.”

“A lot of organisations today realise that you can’t just look at the tree, you have to look at it as a forest. And I think a lot of organisations are not prepared for that.”

“My own experience is that when we do annual budgeting and planning, we also do risk management. But we do it as a disjointed exercise,” said Goh, echoing Ng’s sentiments.

“To implement your control measures [for risks], you need resources – people, money, budget. But we find that some of the key control measures for the top risks cannot be implemented quickly,” he added. “Because of the disjointed exercise, the budget is not planned for and you have to wait for the next financial year. So you end up having more risk. A more coordinated and integrated framework would be helpful.”

The new goal – principled performance

Principled performance, defined as “the reliable achievement of objectives while addressing uncertainty and acting with integrity”, offers a new way of framing corporate objectives so that risks, external factors, and compliance with regulations are incorporated even before a crisis occurs.

This broader outlook can equip both small- and medium-sized enterprises and multinational companies to prepare themselves against the threats that arise from uncertainty, and recognise and leverage the opportunities that arise, all while consistently complying with the requirements and regulations imposed by authorities.

Ng warned, “It is not Covid that will kill the business; it is actually your inaction and your inability to be agile that will kill the business.”

Principled performance is strongly linked to the Governance, Risk Management, and Compliance (GRC) approach.

According to Shepherdson, “this is a new view of GRC, where the focus is not on GRC. When we talk about ‘reliable achievement of objectives’, we are talking about governance. When we talk about ‘addressing uncertainty’, we are talking about risk management, which is also linked to performance management.”

“And when we talk about ‘acting with integrity’, we are meeting the requirements. The focus should not be on GRC, the focus should be on the objective. It’s about creating an integrated GRC capability to support principled performance.”

The panel also went on to discuss the significant impact of this framework, especially given current trends such as the growing importance of ESG (Environmental, Social, Governance) in today’s business environment.

Some of the questions asked by the audience during the webinar, and addressed during the question-and-answer that followed the panel discussion, included:
• GRC is usually used by large multinational companies. Is it practical for SMEs to adapt this framework?
• How is GRC helpful for Data Protection Officers (DPOs)?
• How do you keep stakeholders on the same page? How frequently do you have to communicate with stakeholders?

To watch the webinar in full and learn more about Principled Performance, please sign up to be a DPEX Network community member, log in and visit the Resources > Videos section on www.dpexnetwork.org.

In partnership with Singapore Management University (SMU), Straits Interactive offers courses where you can get certified as a GRC professional. You may visit the following links to find out more:

Advanced Certification in Governance, Risk Management, and Data Compliance
https://www.dpexnetwork.org/data-protection-competency-roadmap/adv-cert-grc

Advanced Certification in Data Governance Systems
https://www.dpexnetwork.org/data-protection-competency-roadmap/adv-cert-data-governance-systems

Advanced Diploma in Data Governance and Management
https://www.dpexnetwork.org/data-protection-competency-roadmap/adv-dip-data-governance-and-management

The DPEX Network also offers a GRC Professional Training Course under license from the Open Compliance Ethics Group (OCEG) that helps individuals develop the understanding and skills to integrate GRC in one capability. You may visit https://www.dpexnetwork.org/courses/grc-professional-training-oceg to find out more.