P. Unnikrishnan, Director & Global Head of Risk Analytics & Advisory Services, Hewlett Packard
The intensity of change in today’s business environment requires new ways of thinking about risk. Businesses face a maze of disruptive technologies, cyber-threats, complex business ecosystems, globalizing markets and amplified regulatory scrutiny. They need proactive, innovative governance, risk, and compliance strategies to seize competitive opportunities and meet stakeholder expectations.
Technology has penetrated all walks of our life; businesses are no different, and in fact they are at the forefront of experiencing the impact of technology. Earlier, technology used to be an enabler for implementing business models; today, however, technology is playing a far more important role and is actually influencing, shaping and creating new business models. Technology not only impacts the core business processes of an organization but also enables functions like GRC to leverage it to enhance their value proposition & contribution.
Governance, Risk Management and Compliance are three pillars that work together for the purpose of assuring that an organization can meet its objectives. Governance is the combination of processes established and executed by the board of directors of a company that are enabled through the organization's structure and how it is driven towards achieving the objectives. Risk management is a formal process of identifying, assessing and managing risks that could hinder the organization from achieving its objectives. Compliance ensures that an organization has the processes and internal controls to meet the requirements imposed by governmental bodies, regulators, industry mandates or internal policies.
The effectiveness of the GRC function in ensuring that organizations meet their stated objectives in a well-managed and compliant environment can be further enhanced through the use of technology. Let’s look at how technology is positively impacting the GRC function and making its contribution more relevant to the business:
#1: Automation of GRC programs through Specialized Software Application
We see an upward trend in automation of GRC activities in companies through the use of in-house or third-party GRC software applications. The primary purpose of GRC software is to automate work associated with the documentation and reporting of the risk management and compliance activities that are most closely associated with corporate governance and business objectives. The key functions of GRC software generally are audit management, policy management, compliance management and risk management. We see organizations moving from spreadsheets towards an integrated platform solution to integrate multiple aspects of GRC seamlessly, drive continuous improvement in the program and provide top management with a real-time view of the GRC posture in the company.
#2: Linking GRC to Overall Information Management Strategy
As organizations evaluate their current risk information and data needs, executives involved with GRC will find it valuable to work with their CIO and IT functions and consider the organization’s information management strategy and capabilities as they make decisions to purchase, enhance, or build GRC support systems. These organizations might also find it beneficial for the GRC program to actively participate in the overall IT governance process so their needs for risk information can be incorporated into the organization’s information management strategy. More mature GRC programs will find it beneficial to align their activities with their organization’s strategic planning and goal-setting processes.
Future risk applications using this technology can further enhance risk management when integrated with workflow process and business rule logic software. Business rules systems can be pre-programmed to seek out and capture emerging risk data within transaction execution systems and present these data points to management in more consumable formats.
#3: Analytics Driving Real Time and Accurate GRC Decision Making
With data exploding across the organization and the supply chain extending beyond the organizational boundary, driving GRC objectives is getting increasingly complex. GRC influences multiple organizational decisions, and a data-driven GRC program is required to connect and correlate events occurring within and outside the organizational boundaries to ensure intelligence is extracted out of the data maze. Companies are leveraging technology-driven data analytics for their GRC program to get real-time, relevant and cognitive information useful for making business decisions without diluting the governance, risk & compliance requirements within the operating model. Additionally, Big Data analytics technology is helping organizations to optimally allocate resources to the most critical areas as per their GRC requirements.
#4: Integration of GRC Requirements into Business Process Automation
The advent of business process automation technologies like robotics, process-specific platforms etc. has enabled organizations to capture, design and build some of their key GRC requirements into the process automation blueprint. This enables companies to better manage GRC objectives at the micro level, which lends itself well to the overall GRC framework at the macro organizational level. We see process automation vendors incorporating GRC requirements, for example continuous monitoring, into their design build.
#5: Better ROI for the Business
Investments in technology-driven risk management and compliance practices have been shown to provide improved returns for organizations due to ease of scalability and flexibility. As technology drives a paradigm shift in business and operating models, impacting the internal and external ecosystem, an organization’s ability to incorporate these changes into its GRC practices becomes very important for good governance and risk management. Technology-enabled GRC programs are able to absorb these changes better and modify themselves faster to keep the organization well governed & compliant while driving better returns.