Governance, Risk, and Compliance (GRC): Integration vs. Separation in the Government Sector of Saudi Arabia

Abstract

Governance, Risk, and Compliance (GRC) functions should be implemented effectively because organization performance and citizen trust in the public administration are critical (Makaš, 2023; Taufiq, 2023). The impacts of a poorly designed GRC system on a public institution can be disastrous, such as incurred delays in responding to crises, increased susceptibility to corruption and systematic inefficiencies, which undermine trust and prevent a country from progressing. The fundamental core components of GRC should be defined to comprehend GRC. The governance of the public sector entails how the government entities are guided and managed in terms of making decision and having authority and accountability (Abdelrahim, 2023). Good governance creates trust within the population hence having efficient use of resources, good implementation of policies, and ethics (Alhejaili, 2024). Risk management refers to the process of incident identification, assessment, and reduction, including financial management mishaps to data breaches (Almgrashi & Mujalli, 2024). Effective initiative-taking risk management protects common wealth and service and delivery. Lastly, Compliance refers to dealing with laws, regulations, and ethics (Abosaud, 2024; Mujahid, 2024). In the public sector, this is critical to the legal and ethical integrity, avoiding fraud, maintaining a position of public confidence, and necessitating strong controls to reconcile activities and needs. The concept of GRC has been changing in parallel with the evolution of public administration, especially after the 1980s New Public Management (NPM) reforms (Bracci et al., 2024). NPM focused on achieving efficiency and accountability in the public sphere using the management methods of the private business. With governments under pressure to become more open and responsive, GRC frameworks began to develop to manage governance, enterprise risk and regulatory compliance (Adeyinka et al., 2024). Through Vision 2030, transformative reforms are occurring in the government of Saudi Arabia, striving to achieve more transparency, accountability, and efficiency (Bracci et al., 2024; Omran, 2024). One of the main revisions is the betterment of GRC frameworks to successfully comply and manage risks (Alsulami & Chafai, 2024; Rehman et al., 2024). This background sheds light on the argument of separating and integrating GRC functions (Alqahtani & Abuanza, 2024). According to Taufiq (2023), the combination of GRC elements brings efficiency and harmony. In contrast, Sukomardojo et al. (2023) claim that apartness encourages expertise specialization, accountability, and avoids any conflict of interest. This study compares integrated with segregated GRC systems in the government sector in Saudi Arabia to provide viable recommendations to policymakers to promote good governance and compliance in line with Vision 2030.