Today’s Risk and Compliance Landscape

Vidya Phalke

Pervasive GRC: The Way Forward For the Long Term

The Risk and Compliance Landscape

In 2014, blue-chip companies racked up billions of dollars of losses due to unmanaged risks and incidents of non-compliance. These risk and compliance failures resulted in massive fines – some in excess of $1 billion – for several individual organizations. Especially for heavily regulated industries, the risk and compliance landscape will only become more complex and more difficult to navigate. As companies become bigger, if they ignore potential risks and compliance issues, their losses will only become bigger, harder to manage, and harder to recover from.

It is increasingly important to read and understand regulators’ corporate sentencing guidelines in the countries where your organization operates — some compliance infringements involve actual jail time. Simply stated, the C-suite should comply for the right reasons. There are reasons why ignition switches should pass safety checks, reasons why organizations must protect customer data, and reasons why money from crime should not be laundered. A company should not just pay lip service to regulations; those at senior levels must behave with forethought.

The Age of the Customer

No matter the size, industry, or geography of your organization, 2015 is the age of the customer. Organizations are getting smarter, more proactive, and more sophisticated when it comes to listening to their customers and responding to their needs. With social media and hyperconnectivity through mobile devices, your customers have an amplified voice, a platform to share it, and more clout than ever before. As such, social media is an important platform for both listening to and responding to your customers.

So, are companies today listening to their customers? Recent incidents at leading organizations such as Borders, Netflix, Lululemon, BP, SeaWorld, Abercrombie & Fitch, and RadioShack serve as reminders of just how important this is. And, in the context of risk and compliance, listening to your customers and cultivating loyal long-term customer relationships is becoming a matter of any company’s ability to survive and thrive.

Are organizations thinking about their customers in the context of risk and compliance? In 2013, Lloyd’s Risk Index identified “loss of customer” or “cancelled orders” as the second most critical business risk, but only 13 percent of companies surveyed indicated that they link “customer risk” to their corporate strategy. Thus, many organizations are not adequately thinking about and planning for how to mitigate and manage customer-related risks.

It is important that companies take steps now to proactively listen to and take better care of their customers, so they don’t have to be legislated into good customer care. The good news is that some organizations and industries are already demonstrating this; for example, we can point to a few recent data breaches that have been handled with prompt notification and corrective action. Frequent and proactive communication with your customers is important, especially in a time of crisis.

I urge today’s risk and compliance executives to help lead this customer-centric charge. Review the top risks on your radar, and determine where “customer impact” fits in. With the right teams, the right strategies, and the right solutions, every department can start to move beyond a “checkbox” mentality when it comes to managing their customer relationships.

Managing Reputation by Harnessing The Wisdom of The Crowd

If your organization is not already monitoring online channels for emerging risk and compliance issues, then it is missing a huge opportunity. For example, every time your company is mentioned in a Tweet, does someone in your organization receive an automatic notification? The good news is that for the most part, organizations are aware of just how important this kind of active listening is; the bad news is that most organizations do not have the tools in place to do this.

Some might say that an organization’s reputation is worth more than the buildings it owns. In today’s interconnected world, the reputation of your organization, as well as that of your vendors and suppliers, matters. In order to manage reputation as a strategic and competitive asset, organizations must listen.

Open source intelligence (OSINT) spans a number of reputation-related data points: fraud, counterfeiting, third-party risk, corporate security, data protection, privacy, and corporate compliance. In short: anything and everything to do with your reputation. We are seeing organizations get smart about how they map together various and disparate data points. In particular, risk and compliance professionals are gradually starting to recognize the importance of OSINT and to integrate it into their GRC platform. They are also integrating sales, services and customer relationship management (CRM) systems with their GRC platform. After all, data is most actionable when it is holistic, comprehensive, and contextual.

GRC Market Shift

There are sophisticated GRC solutions on the market that can help organizations comb through massive volumes of data and create a central source of truth for their organization. Independent technology and market research company Forrester Research has studied the GRC market, and predicts a disruptive shift in the sale of governance, risk & compliance (GRC) software. The GRC market is expected to reach $1.3 billion in 2015, and comprises 65 software companies. Over the next 5 years, Forrester expects the GRC market to see increased competition from business applications such as Oracle, SAP, and salesforce.com.

Towards Pervasive GRC

No doubt, the GRC market is evolving to keep pace with the changing way in which business is conducted. One thing remains certain: GRC is more important than ever, and those carrying out its work are critical to the success of their organization.

Organizations are deriving significant value from embarking on a GRC journey, with benefits that include lowered costs and reduced manual work. More importantly, with GRC, risks become more transparent, and the inter-linkages between risks become clear. Compliance processes become more streamlined and sustainable. Audit functions can be done less intrusively and with a significant time reduction – for example, a mobile expenses tool can be used when traveling to automate the evidence-generating side of audit. Expense report allowances are different in Hawaii and Vermont, and GRC technology can be attuned to the geographic location of your employees.

As GRC becomes further ingrained in the organizational DNA, its ability to positively build reputation, influence business performance, and establish the right balance between risk appetite and business goals becomes more self-evident. Pervasive GRC is really about the creation of a real-time policy-making and risk-based decision-making mechanism within the organizational hierarchy, driven by the changing context of how business is done, and coupled with continued technological innovation and advancement.

By Vidya Phalke
