Vidya Phalke

Cloud-based GRC Intelligence Supports Better Business Performance

Cloud-based GRC Intelligence

All businesses need a strategy and processes for governance, risk and compliance (GRC). Many still view GRC activity as a burdensome ‘must-do,’ approaching it reactively and managing it with non-specialized tools. GRC is a necessary business endeavor but it can be elevated from a cost drain to a value-add activity. By integrating GRC holistically throughout the organization, and by minimizing manual and duplicative processes through the use of cloud-based tools, firms can benefit from actionable business intelligence and support rapid and informed decision-making.

compliance-cloud

Companies are questioning whether their GRC can be managed more efficiently because there is an increasing number and range of regulatory mandates and risk concerns that demand action. As problems arise, and multiple regulatory and compliance issues need to be addressed, but manual approaches to the day to day practice of GRC can swamp organizations through a constant need to monitor information sources for changes. The planning and implementation of changes often takes place as and when the demands arise.

Where GRC management and implementation occurs within business silos there is duplication of effort and inefficient cost control. There is also limited capability for knowledge sharing and learning across the organization.

Businesses need to tap into a staggering number of information sources to stay alert to changes in regulatory and legal requirements. If this is manual activity it’s a considerable burden. A MetricStream survey of 123 compliance professionals late last year looked at regulatory change management only and found that it is indeed a resource-hungry endeavor for businesses of all sizes.

Manual mind-set

A third of mid-sized businesses revealed they devote between three and ten employees to the activity, over 30 percent of large businesses said they have 21 or more and over 45 percent of small businesses reported one to two.

employees-digital

(Image Source: Shutterstock)

It’s a lot of resource to tie-up on regulatory activity. And a great deal of that resource’s time is spent on manual activities. Over 50 percent of respondents said monitoring regulatory intelligence sources for a new regulation, or changes to existing regulations, is part of their role. The three principal information sources being regulatory agency filings and releases, industry and trade associations and trade industry publications.

Cloud-based technology enables businesses to tap into collated GRC information sources. These can supply multiple information needs in one place and provide updates on regulatory compliance, risk, vendor due diligence and IT risk and compliance. With information brought together in this way, businesses can save valuable time and resource that would be spent on manual searches.

By integrating GRC knowledge with business systems and operations the whole activity can become even more streamlined and effective. The content picked up from the intelligence portal can be streamed automatically as alerts or email notifications.

From these automated alerts, businesses can quickly identify where action needs to be taken, notify relevant departments and individuals and address process and system workflows. Not only does this proactive approach to GRC management save cost and time on manual information scanning, it also helps businesses stay ahead of changes in regulation and compliance. This knowledge is elevated to almost real-time and the action to preserve corporate compliance is quicker and more efficient.

Integration and automation

In the same MetricStream survey, which was conducted late last year, nearly half (48 percent) of compliance respondents advised they still use office productivity software like spreadsheets to track regulatory changes. These traditional methods fail to address large and small enterprises need for compliance issues to be addressed at scale. However,cloud-based GRC intelligence can integrate with GRC systems to seamlessly update multiple policies, procedures and controls. Data sets can be applied across applications, including Enterprise Resource Management (ERM) systems and compliance. The trained risk and compliance personnel who have spent so much of their time market-watching can turn to more productive endeavors such as analysis, forecasting and implementation.

To a great extent, this takes a change of mind-set. It’s a cultural shift to stop viewing GRC as a cumbersome burden, and to instead incorporate it into the fabric of the organization. By adopting such an approach though, and by embracing automation to manage GRC, companies can derive real business value from taking a proactive approach.

GRC intelligence as a governance layer in the cloud can enhance business operations. From rapid change identification and the ongoing analysis of GRC data, quicker and better decision-making results. Integrated and automated GRC management puts companies in a better position to protect the company from contraventions and to perform well. By identifying risk patterns and trends, and using these in business planning the organization can improve its change response.

Fully rounded visibility into risk and compliance demands and GRC activities across the business is a step in the right direction to viewing GRC holistically, instead of in business silos. With GRC intelligence businesses can make more informed decisions and this means reduced risk and better business performance for competitive advantage.

By Vidya Phalke

Vidya Phalke

Vidya Phalke is responsible for MetricStream's technical architecture and strategy. Prior to being promoted to the CTO position, Vidya served as Vice President of Product Management and Engineering where he was responsible for MetricStream's Software Products and Platform Delivery. Starting with MetricStream in 2003, Vidya has been instrumental in developing an industry-leading GRC software platform. Before joining the software industry, Vidya earned a PhD in Computer Science from Rutgers University, where he won two Small Business Innovation Research grants for his research on databases and network optimization.

blcokchain contributor

Cryptographic Key Generation – It’s Time To Pay Attention

Cryptographic Key Generation When we think about cryptographic keys, we tend to think about closely guarded secrets. Keys are the only thing that keeps the attacker away from your encrypted data. Some keys are usually treated ...
GDPR – A Change in the Making

GDPR – A Change in the Making

Organizations all over the EU must be aware by now that the Data Protection Act (DPA) will be changed into GDPR (General Data Protection Regulation). Some of these changes might cause some compliance issues but ...
Secure Business Agility

Contrary to popular belief, a pro-privacy stance is good for business

Pro-Privacy Stance Right now privacy is a hot topic on LinkedIn posts, especially as it pertains to compliance with the General Data Protection Regulation. As a board advisor at Universal Patient Key, we've often talked about ...
What Skills Do I Need to Become a Data Scientist?

What Skills Do I Need to Become a Data Scientist?

Becoming a Data Scientist Leveraging the use of big data, as an insight-generating engine, has driven the demand for data scientists at enterprise-level, across all industry verticals. Whether it is to refine the process of ...
The Cure for Cloud Sprawl: Nimble Operationalization in the Multi-Cloud

The Cure for Cloud Sprawl: Nimble Operationalization in the Multi-Cloud

The Cure for Cloud Sprawl Enterprises are shifting to a cloud-first footing. That’s no secret. But just as companies and their IT teams are getting used to the idea of going to the cloud, now ...
The Lighter Side Of The Cloud - The Money Grab
The Lighter Side Of The Cloud - Autonomous Sleigh
The Lighter Side Of The Cloud - Security Overkill
The Lighter Side of the Cloud - Procurement
The Lighter Side Of The Cloud - Big Broadband
The Lighter Side Of The Cloud - iPatch
The Lighter Side Of The Cloud - Hydro Cancellation
The Lighter Side Of The Cloud - The Apple Watch
The Lighter Side Of The Cloud - The Backup Reminder

CLOUDBUZZ NEWS

Oracle Blockchain Cloud Service and Financial Services Enable Next-Gen Blockchain Innovators

Oracle Blockchain Cloud Service and Financial Services Enable Next-Gen Blockchain Innovators

Students Tackle Real Problems and Succeed in Blockchain Challenge In an effort to accelerate blockchain innovation in Financial Services and other industries, Oracle recently joined academia and banking industry leaders as part of the Carolina Fintech ...
StumbleUpon is closing down after 16 years

StumbleUpon is closing down after 16 years

StumbleUpon, the social content discovery platform founded way back in 2001, is closing down. Cofounder Garrett Camp made the announcement in a blog post earlier today, stating that StumbleUpon accounts can be ported over to another of ...
Artificial Intelligence to Add US$182 Billion to UAE Economy by 2035, Accenture Research Shows

Artificial Intelligence to Add US$182 Billion to UAE Economy by 2035, Accenture Research Shows

Financial services, healthcare, and transport and storage industries likely to see the biggest gains DUBAI, United Arab Emirates; May 21, 2018 – Artificial intelligence (AI) has the potential to boost economic growth in the United ...