Governance, risk management, and compliance, or GRC, is at a crossroads.
In the past, organizations have failed to meet their GRC objectives because they have not properly integrated the three components. Many firms still have systems in place which are overcomplicated and disjointed, with too many people attempting to achieve GRC goals from across too many different departments, all of them sending out too many messages about too many policies.
In such an uncoordinated environment, with so many moving parts pulling in different directions, it is easy for the information required for effective decision-making to get lost. Such companies suffer from a lack of the agility necessary to keep exposure and vulnerability in check. Instead, they are forced into a spiral of reactivity, with siloed initiatives that fail to see the big picture, causing gaps and redundancy, wasting resources and increasing costs. They create an organization that lacks the necessary flexibility to operate in its business environment, and is unable to adapt quickly to change.
In the future, compliance must look to achieve six key objectives: consistency, efficiency, effectiveness, agility, transparency, and accountability.
Compliance will look to meet these by actively participating in the risk management function. Firms are already increasingly unifying their GRC processes and implementations. Aided by technological advances, they are implementing new GRC initiatives with teams of staff in place who can communicate effectively. This allows everyone in the process to know what’s happening, why, and where they fit in. They know what their responsibilities are, what information is required, and how to get it, leading to better, more informed decision-making. Technology allows not only for far more up-to-date information in the first place, but with all parts aligned it can then travel to target areas of risk exposure quickly. Compliance is also set to embrace mobile technology, utilizing specialist compliance apps that can report issues even faster, incorporating video and photo.
By reconciling everything into a single user-friendly portal, firms will in the future provide employees with an interactive code of conduct, through which they can be educated using various multimedia resources. The same type of portal will also be used to provide policy and procedure management, which can be viewed as it is updated. The benefits of using a single portal are many, first among them that the compliance department is no longer drowning in spreadsheets and documents. A single system on which to record and capture issues, incidents, and events means that management can readily capture reports made at every level of the organization, and loss information from incidents is easily fed into risk models to improve risk management.
You can find out more about GRC at Finance 2015 in Boston.