Yazeed Al-Khalifa, Chief of GRC, The Royal Commission for AlUla
Beneath the surface the field of governance, risk management and compliance (GRC) is about togetherness.
In GRC one plus one does not always equal two. When GRC is conducted effectively so that it is the responsibility of everyone and the result of collective rather than isolated effort, then it is more than the sum of its parts. When it adds value by building a framework for success, one plus one can equal three.
With that in mind, when we create GRC initiatives at the Royal Commission for AlUla (RCU) we do so in two phases.
In the first phase we apply it out internally. We get our own house in order. We monitor the programme and receive internal feedback so that the programme is sufficiently mature for the second phase: rollout across AlUla County.
This second phase touches on something unique about working at RCU. We are making GRC policies not just for a company or a government department but for an area the size of a small country. That is no exaggeration: AlUla County, at more than 22,000 square kilometres, is bigger than Cyprus and Lebanon – combined. This is a huge responsibility.
The RCU GRC team manages processes and programmes across our four principal areas:
1- Enterprise risk management: Strategic, operational and capital risks are identified, managed and reported quarterly to the executive management committee and the board.
2- Enterprise resilience: Last year we developed the core business-continuity and crisis-management plans for all RCU corporate departments. These plans cover anything that can disrupt the business, whether technical, physical, procedural or capital-cost. The plans include recovery methods and time frames. In 2023-24 after internal testing is complete we will extend these initiatives into entities across the wider ecosystem that is AlUla County.
3- Ethics and compliance: This year we are creating full compliance monitoring and assessment plans for all depts. RCU complies with many local and international regulations. For example one of our strategic partners is the United Nations Educational, Scientific and Cultural Organisation (UNESCO). The GRC team must ensure RCU is aligned with UNESCO’s way of doing business just as they must be aligned with ours. Developing compliance programmes is a big job, given the reach of RCU into so many sectors. And on the ethics front, we continue to add important policies such as anti-bribery and corruption (ABC), anti-money laundering, and code of conduct. We also create processes to investigate and manage violations.
4- Governance: This has two parts, internal and subsidiary governance. For subsidiaries, such as AlUla Peregrina Trading Company, we develop a governance model fine-tuned for each subsidiary. These tailored models reflect the fact that some subsidiaries will be more independent and others will be executing RCU strategy. This reflects the growth of RCU to become less of an operator and more of a regulator. Internally, our governance framework enhances transparency and ensures that the governing principles of RCU are applied throughout all departments.
Why does this work matter? It matters because when sensible rules are in place, when systems function effectively, when people understand that a crisis will not become a catastrophe, when ethical standards are high, then everyone benefits. The community benefits because daily life runs more smoothly and the employees benefit because their workplace is organised in a way that is rational rather than random.
Working together, we will become even greater than the sum of our parts.
>>> Read full article>>>
Copyright for syndicated content belongs to the linked Source : Argaam EN – https://www.argaam.com/en/article/articledetail/id/1653495
