Three Tips To Simplify Governance, Risk and Compliance

Governance, Risk and Compliance

Businesses are under pressure to deliver against a backdrop of evolving regulations and security threats. In the face of such challenges they strive to perform better, be leaner, cut costs and be more efficient. Effective governance, risk and compliance (GRC) can help preserve the business’ corporate integrity and protect the brand, but in an ever-changing technology landscape and with complex, inter-related business operations to manage, implementing GRC can seem like a complex undertaking.

Many businesses still manage operations departmentally, with activities separated by business silos. This can make implementing policies and processes with pan-business reach seem difficult. GRC falls into this category – it has to span all business departments – but it doesn’t have to be such a headache.

Businesses can simplify GRC with these three tips:

1. Don’t boil the ocean

GRC covers a lot of ground – operational risk, compliance, cybersecurity, third party management, auditing and so on – and incorporates hundreds of rules and regulations, dozens of policies and scores of risk management activities.

The trick to simplification is to take it one step at a time; to not try and do everything at once. Anyone attempting to deploy an integrated solution for all GRC activities in one go is courting failure.

Instead, take on two or three activities to be prioritized within an integrated GRC program. A few simple questions about your business processes – how they work, how they can be more effective, and how they can be audited and monitored – will reveal where the priorities lie for efficient GRC.

Many companies start with internal auditing and Sarbanes-Oxley (SOX) compliance for financial reporting. Others with enterprise risk management or operational risk management; still others with IT compliance and policy management.

Developing common frameworks and taxonomies – which is a critical foundation for effective GRC – is simpler begun with two or three key activities. Over time, additional activities can be brought into an integrated GRC program.

2. Develop common frameworks and taxonomies

A valuable benefit of an integrated GRC solution is that different activities – risk management, compliance, auditing and so on – can share information. For this to work effectively, they need to conform to common taxonomies. As well as enabling collaboration, common taxonomies can help identify redundancies so that rationalization can take place. This keeps the system up to date and helps reduce the cost of control testing and risk assessments.

Policies and rules held within common frameworks give companies the control they need for rapid change when it comes about. It’s one thing to embed automation within systems so that, for example, payments over a certain authorization level get the required sign-off before they’re authorized, but what happens after a merger or acquisition? If all those rules are hardwired into individual systems, there’s a whole bunch of work to do to achieve consistency across merged companies. When the rules sit outside individual workflows they can trigger action inside. The set of these rules ‘libraries’ is qualified in the GRC system.

3. Use pre-packaged cloud-based applications

Most vendors offer both on premise and cloud-based application – Going with the cloud relieves the business’ IT infrastructure from supporting the GRC solution. GRC in the cloud helps consign manual processes to the past. Furthermore, future upgrades are simpler with pre-packaged solutions that haven’t been customized.

The cloud approach also ensures that you are set up for real-time Content Integration such as Regulatory Change Management. This is important because GRC is not only about systems and tools but it is also about staying abreast and ahead of the regulatory landscape that is constantly evolving.

Risk and regulation is always evolving. The way businesses manage it cannot stand still either. The future of GRC lies in automation, integrated reporting and a culture of compliance. By heeding the three tips for simpler GRC, businesses can help mitigate risk, minimize compliance firefighting and smoothly manage change wherever it may come from to drive better business performance.

By Vidya Phalke

Anita Raj

A Winning Data Strategy Series Part 2: Data, an Asset, or a Liability?

Data, an Asset, or a Liability? This is the second piece of a 5-part series on plugging the obvious but overlooked gaps in achieving digital success through a refined data strategy. You can read the ...
Cloud Based Accounting

How Cloud Has Changed The Modern Accounting

Modern Accounting The modern-day accounting has come a long way from the times when the financial information existed only on paper. Today, advancement in technology has transformed almost every aspect of the accounting industry. It ...
Bill Schmarzo

Master Machine and Human Learning to Win the Digital Transformation Wars

The “Economies of Learning” are more powerful than the “Economies of Scale” This may be my most powerful concept (outside of the Schmarzo Economic Digital Asset Valuation Theorem and the Big Data Business Model Maturity ...
Chris Collins

How The Cloud Put Customers First During COVID-19

Tech’s True Value in a Crisis One of the cloud’s biggest assets has always been crisis preparedness—because when disaster strikes, you don’t have to worry about the viability of on-premise servers or the availability of ...
The Top 20 Machine Learning Startups To Watch In 2021

The Top 20 Machine Learning Startups To Watch In 2021

Machine Learning Startups There are a record number of 9,977 machine learning startups and companies in Crunchbase today, an 8.2% increase over the 9,216 startups listed in 2020 and a 14.6% increase over the 8,705 ...
Shells.com – Your Personal Cloud Computer

Shells.com – Your Personal Cloud Computer

Personal Cloud Computer Shells, a robust virtual desktop infrastructure, ensures better performance by enabling its users to incorporate a layer of virtualization between the control server and any device that they choose. This way, it ...