GRC Intelligence Supports Better Business Performance

Vidya Phalke

Cloud-based GRC Intelligence

All businesses need a strategy and processes for governance, risk and compliance (GRC). Many still view GRC activity as a burdensome ‘must-do,’ approaching it reactively and managing it with non-specialized tools. GRC is a necessary business endeavor but it can be elevated from a cost drain to a value-add activity. By integrating GRC holistically throughout the organization, and by minimizing manual and duplicative processes through the use of cloud-based tools, firms can benefit from actionable business intelligence and support rapid and informed decision-making.

Companies are questioning whether their GRC can be managed more efficiently because there is an increasing number and range of regulatory mandates and risk concerns that demand action. As problems arise, and multiple regulatory and compliance issues need to be addressed, but manual approaches to the day to day practice of GRC can swamp organizations through a constant need to monitor information sources for changes. The planning and implementation of changes often takes place as and when the demands arise.

Where GRC management and implementation occurs within business silos there is duplication of effort and inefficient cost control. There is also limited capability for knowledge sharing and learning across the organization.

Businesses need to tap into a staggering number of information sources to stay alert to changes in regulatory and legal requirements. If this is manual activity it’s a considerable burden. A MetricStream survey of 123 compliance professionals late last year looked at regulatory change management only and found that it is indeed a resource-hungry endeavor for businesses of all sizes.

Manual mind-set

A third of mid-sized businesses revealed they devote between three and ten employees to the activity, over 30 percent of large businesses said they have 21 or more and over 45 percent of small businesses reported one to two.

It’s a lot of resource to tie-up on regulatory activity. And a great deal of that resource’s time is spent on manual activities. Over 50 percent of respondents said monitoring regulatory intelligence sources for a new regulation, or changes to existing regulations, is part of their role. The three principal information sources being regulatory agency filings and releases, industry and trade associations and trade industry publications.

Cloud-based technology enables businesses to tap into collated GRC information sources. These can supply multiple information needs in one place and provide updates on regulatory compliance, risk, vendor due diligence and IT risk and compliance. With information brought together in this way, businesses can save valuable time and resource that would be spent on manual searches.

By integrating GRC knowledge with business systems and operations the whole activity can become even more streamlined and effective. The content picked up from the intelligence portal can be streamed automatically as alerts or email notifications.

From these automated alerts, businesses can quickly identify where action needs to be taken, notify relevant departments and individuals and address process and system workflows. Not only does this proactive approach to GRC management save cost and time on manual information scanning, it also helps businesses stay ahead of changes in regulation and compliance. This knowledge is elevated to almost real-time and the action to preserve corporate compliance is quicker and more efficient.

Integration and automation

In the same MetricStream survey, which was conducted late last year, nearly half (48 percent) of compliance respondents advised they still use office productivity software like spreadsheets to track regulatory changes. These traditional methods fail to address large and small enterprises need for compliance issues to be addressed at scale. However,cloud-based GRC intelligence can integrate with GRC systems to seamlessly update multiple policies, procedures and controls. Data sets can be applied across applications, including Enterprise Resource Management (ERM) systems and compliance. The trained risk and compliance personnel who have spent so much of their time market-watching can turn to more productive endeavors such as analysis, forecasting and implementation.

To a great extent, this takes a change of mind-set. It’s a cultural shift to stop viewing GRC as a cumbersome burden, and to instead incorporate it into the fabric of the organization. By adopting such an approach though, and by embracing automation to manage GRC, companies can derive real business value from taking a proactive approach.

GRC intelligence as a governance layer in the cloud can enhance business operations. From rapid change identification and the ongoing analysis of GRC data, quicker and better decision-making results. Integrated and automated GRC management puts companies in a better position to protect the company from contraventions and to perform well. By identifying risk patterns and trends, and using these in business planning the organization can improve its change response.

Fully rounded visibility into risk and compliance demands and GRC activities across the business is a step in the right direction to viewing GRC holistically, instead of in business silos. With GRC intelligence businesses can make more informed decisions and this means reduced risk and better business performance for competitive advantage.

By Vidya Phalke

Suraj Gupta

The Rise of the “Ecosystem of Ecosystems”

Ecosystems Emergence Even during these uncertain times, once fierce competitors are now collaborating and co-existing to not only survive, but thrive. Salesforce is partnering with ...
Gilad David Maayan

Leveraging Managed Kubernetes to Improve Your Operations

Leveraging Managed Kubernetes Kubernetes simplifies container orchestration, but sometimes companies are struggling with Kubernetes adoption. Many organizations do not have the required expertise to configure ...
Kayla Matthews

6 Reasons More Organizations Are Adopting Zero Trust

Organizations Adopting Zero Trust The zero trust model is becoming more commonplace in security. It's based on the realization that threats exist inside and outside ...
Hacker Cloud

Pandemic and Cybersecurity: Top Threats to Businesses

Pandemic and Cybersecurity The worldwide spread of the COVID-19 virus is coming to naught (or at least we hope so). But the impact that this ...
Nikolas Kairinos

The growing role of AI in Sales and Marketing

AI in Sales and Marketing  Artificial intelligence (AI) as a Sales and Marketing (SaM) tool to help businesses deliver a better customer experience and secure ...
Garry Connolly

What’s Behind Smart Devices? A Data Centre, Of Course

Smart TV's, Smart Phones, What’s Behind Smart Devices? It’s not difficult to be “smart” these days. We wake up in the morning and check our ...
Ajay

Explainable Intelligence Part 3 – The Strategy for XAI

The Strategy for XAI It is not enough to say that something is true just because 'I know it’s true!' – we have to have ...
Mark Kirstein

Episode 6: Cloud Migration: Why It’s More Important Than Ever

The Importance of Cloud Migration Moving fully to the cloud is still a concern for many companies, but with millions of employees working from home, ...
Anita Raj

Can the cloud handle the streaming explosion caused by the pandemic?

The Streaming Digital Explosion From the time the coronavirus forced the global community to stay at home, a whopping 16 million people have newly subscribed ...
Mark Barrenechea

The Digital Era Moves Into The Information Era

We have entered the Information Era Building on the groundwork of automation, connectivity and computing power that defined digital, the Information Era is characterized by ...