Compliance is no longer the driving force behind Governance, Risk and Compliance (GRC). In fact, according to a recent MetricStream survey, 70% of respondents said they embraced GRC primarily for risk management. In this post, MetricStream explores the reasons behind the increasing focus on risk management and how technology can help companies build a streamlined and transparent GRC infrastructure. This post originally appeared on the MetricStream blog and was published here with permission.
The bankruptcy at Enron is undoubtedly one of the biggest examples of accounting fraud in corporate history, not just in America, but in the world. The Enron scam also proved a point that is often well understood but ignored: a well-written Code of Conduct or Compliance Program Manual does not constitute an effective compliance program. Enron had a strong Code of Conduct, at least on paper, but that did not prevent the massive fall of the energy company.
The modern CIO finally seems to have come to terms with reality. If you think compliance is what drives the modern-day CIO toward Governance, Risk and Compliance (GRC), think again, for GRC is maturing and evolving. Well, almost. While CIOs today are convinced of the importance of GRC, the rationale for investing in GRC has moved from compliance to risk management. Compliance has become a given.
In a recent MetricStream survey, 70% of the respondents said they embraced GRC to improve their company’s risk oversight. Other factors like cyber security, third-party compliance and regulatory compliance are among the drivers, but they have become secondary to risk management.
So, what is risk management and what makes it complicated? The Financial Times lexicon defines risk management as “The process of identifying, quantifying, and managing the risks of an organization.” What makes it complicated can be any factor of risk, but mobility is currently the factor contributing to a company’s risk quotient. Mobility has moved beyond tablets and smartphones. Today, data itself is mobile. A CIO of one of the top banks said in a recent conversation with MetricStream: “I have 3,000,000 apps on the cloud.” Now that data is everywhere, data is highly mobile.
To enable large-scale adoption, MetricStream, the market leader in GRC apps, is working on making GRC pervasive along with making GRC simple. A truly unifying and pervasive GRC technology can help build a centralized and transparent GRC ecosystem. It can support an enterprise-wide culture with a GRC perspective. As part of its Pervasive GRC strategy, MetricStream provides GRC capabilities that are pre-integrated with the customers’ apps.
Making GRC simple is at the heart of MetricStream. “Our aim is to ensure the GRC requirements of our customers are seamlessly integrated with their existing Salesforce or ERP solutions,” said French Caldwell, Chief Evangelist at MetricStream.
The future: making GRC all-pervasive and all-inclusive will require technologies like advanced analytics and advanced monitoring capabilities.