The five-pillar GRC model
Governance pillar
Status: Needs attention
Board & EXCO effectiveness, policy currency, governance forums and the Company Secretariat.
- Board/EXCO resolution implementation: 96%
- Policy library currency: 90%
- Quarterly Board GRC reports: on schedule
Risk pillar
Status: On target
Enterprise risk framework, register, appetite and quarterly deep-dive reviews.
- 30 risks on the register (3 Critical · 7 High · 12 Medium · 8 Low)
- Critical risks with treatment plans: 100%
- Register updated monthly: 100%
Compliance pillar
Status: On target
Regulatory obligations across NUPRC, NOSDRA, NDDC and NRS, plus annual certification.
- Obligations met on time: 95%
- Regulatory enforcement actions: zero
- 1 obligation at risk (NDDC 3% levy)
Performance pillar
Status: Excellent
KPI transparency, dashboard cadence and Board/EXCO performance reporting.
- KPI scorecard published monthly
- Board reports delivered on time: 100%
- Five-pillar health tracked live
Process pillar
Status: Needs attention
Internal controls, control self-assessment and process excellence.
- Audit findings closed on time: 90%
- Control self-assessments underway across depts
- 6 open audit findings being remediated
Five objectives
Protect our licence to operate
Zero regulatory surprises across NUPRC, NOSDRA, NDDC and NRS.
Build enterprise risk capability
A single, owned, living risk register with real treatment plans.
Strengthen governance integrity
Effective Board/EXCO forums and current, enforced policies.
Institutionalise process excellence
Designed controls, self-assessment and continuous improvement.
Enable performance transparency
One source of truth for GRC performance, refreshed every month.
Hub-and-spoke model
A lean central GRC hub supported by functional focal points embedded in every business unit.
