What Should Governance and Controls Look Like in the Hybrid Workplace?

Kezia Farnham

As we (hopefully) put the worst of the coronavirus pandemic behind us, organizations turn to their return-to-the-office strategies. Many companies won't see a 100% return to previous working arrangements but a balance between in-office and remote working. A recent CNBC survey found that just under half of the companies plan to use a hybrid work model in the second half of 2021.

The drivers behind this vary; employee health and wellness were the top factors for respondents to the CNBC survey, followed by productivity and access to talent, all of which are enhanced by a hybrid working model. Many employees have expressed their wish to see hybrid models continue; your ability to attract and retain talent will, more than ever, depend on the work-life balance you offer.

Many organizations hope that working in a way that combines face-to-face with remote can deliver the best of both worlds; human interaction and a move away from the isolation of home-working, alongside the work-life balance benefits that people experienced in the last 18 months.

It's not all plain sailing, though; working in a hybrid way can bring challenges. Alongside gains around flexibility and wellbeing, there are also potential risks inherent in remote or hybrid working patterns.  


The Governance and Compliance Risks of Hybrid Working

What are these threats? They are varied, ranging from IT and cybersecurity risks to health and safety or labor relations issues. In a governance, risk and compliance (GRC) context, three chief threats are:  


1) Visibility

Remote working lessens the visible evidence that your policies are being complied with. You cannot physically oversee whether your employees are taking the right actions. This is where consistent data capture and monitoring are invaluable, enabling you to maintain confidence in your processes and controls.


2) IT and Cybersecurity

As offices pivoted to remote working, security implications moved center stage. Covid-19-induced change 'ushered in a 360-degree shift in the nature of business, and in turn exponentially intensified cyber risk.'

Even without the wholesale changes wrought by the pandemic, organizations' increased digitalization demands greater governance, as technology-based offerings create opportunities for criminals, as well as businesses.

This brings several related risks:

  1. The threat of costly data breaches created by poor cybersecurity practices or lack of employee awareness
  2. Vulnerabilities due to creaking IT architecture
  3. Risks relating to data privacy and adherence to requirements like GDPR

Ironically, technology weaknesses don't just create risk; they also limit your ability to identify and mitigate it. Shortcomings in the technologies you use to manage and monitor performance undermine your efforts to manage the threats you face.  


3) Lack of Best Practice Modeling and Knowledge

There's little excuse for not knowing the right approach to a situation in an office or on a factory floor. Employees can ask their co-workers how they respond to an odd-looking email or a measurement that falls outside risk tolerances. Colleagues also model best practice approaches, enabling new or uncertain employees to use the correct actions.

Working remotely lessens the potential for this. The disconnect from fellow workers reduces employees' ability to see and mimic accepted approaches or learn by osmosis.

If your processes and controls are undefined or not clearly communicated, the risks these poses are intensified. Having mandated processes determined and monitored within a robust GRC platform significantly reduces the chances that people will go 'off-piste' in their interpretations of good practice.




The Essential Controls and Processes to Mitigate Hybrid Working Risks

The good news? You can take some initial steps to tackle the increased risks generated by returning to work in a hybrid way.

  • Keep governance at the forefront of your operations

Any digital transformation program ' and let's face it, hybrid working is as much a digital transformation as a human one ' demands that governance is prioritized. 49% of IT leaders believe digitalization will continue its acceleration; there's no excuse not to focus firmly on the governance implications.

Digital resilience remains a differentiator as we head towards 2022. Implementing tools like cyber risk dashboards can bring structure and rigor to your efforts. It's worth exploring the compliance solutions available to keep governance central to your operations.

  • Create new ways of monitoring governance, risk and compliance

The way you measure governance and compliance might have to change to accommodate new ways of working. McKinsey notes something similar as regards employee productivity; when people are not present in an office, 'organizations can focus on measuring outcomes instead of simply inputs like hours logged by employees.'

A similar approach can be used for your controls and processes; as remote working lessens the visible evidence that your policies are being complied with, the need for a structured and robust framework for measuring compliance outcomes grows.

  • Maintain strong human connections

Working in a hybrid way can loosen the connections between team members. But governance is a team sport, one where success is amplified by individuals pulling in the same direction. We mentioned above the benefits of learning from others. Take steps to ensure you maintain this ethos, even when colleagues aren't physically located together. Make the most of time in the workplace to build team connections, share best practices and emphasize the importance of engaging with measurement and monitoring tools so that you can continue to tackle risks based on accurate, comprehensive data.

  • Elevate risk to board level

Rethinking your working practices demands that you reassess your entire approach to risk. The threats you face are ever-evolving; your board and senior management need to be closely involved in defining ' and visible in leading ' your mitigation strategies.


Respond to the Risks Inherent in the Future of Work

Organizations are living through a new era ' possibly the most considerable upheaval in working practices they will have seen. As we noted above, leadership is central here; your board and senior directors set your corporate course and chart the way to success. Creating strategies for governance and compliance in the new workplace forms a vital part of this. But knowing where to start and which direction to take can be mind-boggling, even to the most experienced of leaders.

Diligent's new guide, The Future of Work Blueprint: 4 Key Strategies for Leaders, has been designed to help. In it, we examine the strategies that will be crucial in empowering organizations for the future:

  • How to transition effectively to hybrid working models
  • Ways to spark innovation among distributed teams
  • How to retain and nurture talent amid a global talent war
  • How to make organizations more sustainable and equitable

Download a free copy of The Future of Work Blueprint.

Related Insights
Kezia Farnham Diligent
Kezia Farnham
Kezia Farnham, a Senior Manager at Diligent, has spent several years working in the B2B SaaS sector. Her expertise in equipping governance, risk, audit, compliance and ESG professionals with key insights into sustainability, cybersecurity and the regulatory landscape helps them stay ahead of an increasingly challenging business environment.