Latest Products

From the Archives: Be An Enhancement To The Business

Friday 4 December 2020

* First published in the 2018 Edition of the GRC Professional Magazine

 David Squire was a long-standing GRCI member, who, along with a core dedicated group of volunteers, devoted an enormous amount of time and passion to developing GRCI and its accreditation and education programs. David believed passionately in equipping compliance staff with the right skills and knowledge to do their job to the best of their ability. He spent much of his career liaising with regulators to achieve the best possible compliance outcomes, building cooperative relationships for GRCI with other like-minded associations and helping build the profile of our emerging accreditation standards. Sadly, David passed away, but GRCI maintains this award to remind ourselves and our members of the extraordinary individual David was, as well as the  kinds of professionals our education options are for and the contribution made to the entire profession by their peers, who ensured rigour and relevance in our education program. 



Sharon Harvey, from Crestone, is a graduate and award winner from the GRC Event Series dinner, held in early October. 

She received the Certificate IV in Compliance and Risk Management and was awarded the David Squire Memorial Associate Student of the Year Award. Harvey is the Risk and Compliance Adviser at Crestone; however, like many risk and compliance professionals who have been in the industry for some time, she has worked at several different financial institutions. As a result, she has benefitted from seeing how other businesses work and has experienced the varying relationships businesses have with their risk and compliance functions.

When asked ‘who is Sharon Harvey?’, she responded that she is someone who is passionate about integrity and the law. This is significant in a financial industry that has had some difficulty combining product development with their best-interests’ duties. Like many of her contemporaries, Harvey ‘fell’ into the risk and compliance space, first moving from a tax advisory role, to advisor, to an office process and management profile, to compliance.

 As so often happens, that compliance role grew, and Harvey found herself involved in a number of investigative positions. Over time, and with growing experience, she then built her audit and compliance pathways into a full-time compliance and risk management role.

What does set her apart from many of her contemporaries is her Masters in the Psychotherapy and Neuroscience and the fact that she is a trained councillor, group therapy practitioner and a hypnotist—though she promises she has found little use for the latter in her current work!

What has been useful for her, however, is her understanding of human behaviour and patterns of behaviour. 

“I’ve found the councillor training—especially listening—very useful,” Harvey explained. “Especially when seeking information from people, such as distressed clients, and when I’m conducting investigative work,” she explained.

Harvey’s approach always begins with giving the client the benefit of the doubt. 

“I don’t go out seeking to find things. But also, I do know that human behaviour, being what it is, leaves traces of patterns, and in risk and compliance work you tend to find them when you have a look around.”

One advantage Harvey has gained from working at Crestone is that the business was interested in compliance becoming an ‘enhancement’ to the business. This, according to Harvey, is something the business wanted to be proud of. Unfortunately, this is not the experience for every risk and compliance professional. 

“They [Crestone] wanted to have an approach to working with compliance, rather than resisting it, which I think has come out in some aspects in the Royal Commission.”

Thus, Harvey sees her role as being a ‘shield’ for the business, while also considering the best interests of the client. 

In 2018,  it  has  been very  hard to avoid conversations  about  the  Royal Commission,  an indication that  is  a watershed moment  for the Australian  financial  sector. 


In many  ways, it  has  been like  a modern-day Aesop’s fable, with a clear moral undertone. The  irony is not  lost  on Harvey, who has  been able  to pick lessons from the hearings and Interim Report to take back to the  business.

 “The  Royal Commission,  I think,  for many  risk and compliance  practitioners  is  at  a turning  point,” she said. “For  me, the major  lesson has been to continue  to work  with integrity.  Risk  and  compliance has been, at times, in  a  bit of a  dark place, seen  as a business  retardant  as  opposed  to an enhancement. I really do believe, and I know a number  of other compliance  and risk   practitioners  do as  well,  that  if you  can show  whoever you  are  working  with that  you understand the commercial realities and that, if you can be guided by  as opposed to being trapped by legislation, then you can make  a real difference  in your work and actually  save  the  business money.” 

Understanding of the commercial realities is one of the major  factors of building the trust that is necessary. 

How to build trust: 


  • Be honest and up-front  because  the  business needs to know  who you are  and what  you are committed to  achieving. 
  • Be authentic, even if it means there will be tough  conversations. 
  • Get educated about the business that you are going into and any  legislation that  guides that business world. 
  • Show passion and become just as involved in  the business  as the  business  owners  to ensure  the business does well—but not at the expense of the clients 


  • Make presumptions. Let the facts speak for themselves. 
  • Be discourteous.  Always be professional and polite 
  • Change your report or your feedback to clients, even if pressured to act.  Stand firm—good business depends on the trustworthiness of the practitioner. 

Harvey’s tips on how to ‘get it right’ in your organisation

“Learn the  ropes of  compliance  infrastructure  and ensure  it  is  being  done  right,  wherever you  work. Learn how  to improve  on that.  Absolutely  join the Governance Risk and Compliance Institute and reach out  to that  community  because  there  is  a huge  base of knowledge and experience there.

Get educated: do the  courses  there  and let  the  business  know you  exist  as  a tool to business  enhancement,  not business prevention.”