Can IA / GRC professionals be inspired into a role in strategy delivery?

The BIG CIC Conference is all about introducing Business Integrated Governance to people, and quickly linking attendees to examples of where integrated governance has been leveraged before, and where the BIG BOK has been used too. It will provide a practical session on helping protagonists to build a vision, cased and stakeholder base - enabling development of a business case to do something!

This session is run with the Governance Risk and Complience community – in the form of Tim Leech.

“Does your board receive reliable information on risk linked to your Mission Critical Objectives?”

Some would argue that Most boards would struggle to answer “yes.”

The reason? Most governance frameworks focus on compliance and controls, not the objectives that determine whether the organisation succeeds or fails.

Tim calls it the “Don’t Tell / Don’t Ask Governance Syndrome.”

Boards avoid asking probing questions about risk to mission-critical objectives; management avoids volunteering uncomfortable truths.

The result: mutual avoidance, information asymmetry, and oversight blindness.
Boards discuss generic “Top 10 Risks,” while uncertainty around the most vital objectives — safety, reputation, resilience, profitability — goes unseen until it’s too late.

OCRUM: Managing Uncertainty Where It Matters Most

Tim’s Objective Centric Risk and Uncertainty Management (OCRUM) approach reframes risk management around ISO’s definition of risk — “the effect of uncertainty on objectives.”

OCRUM makes Mission Critical Objectives (MCOs) the anchor point of governance:

Each MCO has an Objective Owner/Sponsor accountable for achieving it.

Risks and uncertainties are mapped to these objectives, not to abstract categories.

“Uncertainty ratings” express confidence levels in achieving each objective — clear, actionable, and measurable.

As Tim notes, this transforms risk and internal audit from police functions to performance enablers — linking their work directly to strategy and outcomes.

The combination of Business Integrated Governance and Objective Centric Risk and Uncertainty Management offers boards and executives a clear, practical path forward.

Read more of Tim and Davids recent blog on the topic:

Join Tim and David as they discuss these points and engage audience comment / question:

Segment 1 - Introduction - general perspective on the compliance box

Segment 2 - Mission Critical Ovjectives (MCO) - why this concept is so important

Segment 3 - How BIG can support MCOs.

Segment 4 - Reflection on MCO and a BIG perspectives as means to achieving end to end strategy to delivery, and to inspire IA / GRC professionals to improve the connection of strategy to delivery and back again - to get out of the compliance box?

Outcomes

By the end of the session, participants will understand the bodies of knowledge available for MCO and integrated governance, and have confidence to apllore them in their own scnearios.