It all comes down to compliance. Compliance with your own strategic visions and goals. Compliance with a defined standard, such as ISO 9001 or PCI DSS. Compliance with common sense. Compliance with best practice. Ensuring that activity is in line with the goals. Ensuring that you are heading in the right direction.
A key principle – are you compliant? If not, where are you falling short, and what is the consequence of that shortfall? Are you heading in the right direction, and what is your answer based on? Most of the services we offer are aspects of this central principle.
This is the cornerstone of everything we do. It is a process. There needs to be:
strategic vision, and strategic goals - summarising aspiration and intention
a strategic plan – the methodologies, frameworks or structures that set out how things need to be done to achieve these goals
some way of measuring what you are doing, so that progress can be guided
continual review – you need to continually cross-check that you are heading in the right direction, the direction of your goals. If not, adapt what you are doing – or maybe adapt your goals, let them change or grow or deepen.
One main thread of this is compliance with a defined standard, specialising in ISO 27001 (Information Security). This is a published standard, and certification requires an independent auditor.
A second thread looks at the compliance of your activities with your own strategic visions and goals. A third thread is compliance with best practice. What this means will vary widely depending on the context, the organisation, the industry and the complexity, but essentially it is best practice as defined by your comparable peer group.
Business Continuity (BC)
This is closely tied to Risk Management. Business Continuity is about enabling an organisation to respond to, and recover from, disruptions effectively. All companies should have some form of BC planning in place; it means reduced costs and less impact on business performance should something go wrong.
Our work is rooted in the ISO-22301 Business Continuity
This is about arriving at some degree of certainty that what should be in place is in place. What this means will vary widely, and there are many standards, frameworks and opinions. Adherence to them also comes in many degrees: voluntary, regulatory or legal. It is a case of what is relevant for you. In the absence of a suitable standard or framework, we have developed a Genesis Governance Assurance Framework to which we can work.
Good governance is at the heart of every successful business.
This is about handling the unexpected. It involves identifying, assessing and controlling threats to your ability to meet your business goals. How deep you need to go will vary widely, depending on the nature of your business, its size and its complexity. Whether you are a one-person business, an SME or a multi-national organisation, the need to control your risks is there, and the underlying principles of risk management remain the same. Our work is rooted in the ISO 31000 Risk Management Standard.
An unexpected event isn't necessarily a bad thing. Risk Management is also about finding new opportunities.
This is the process of verifying business status and activity against a set of criteria, a standard or a framework. It may be a regulatory requirement or a voluntary one. Either way, it is an integral part of ongoing improvement.