Compliance is no longer the driving force behind Governance, Risk and Compliance (GRC). In fact, according to a recent MetricStream survey, 70% of respondents said they embraced GRC primarily for risk management. In this post, MetricStream explores the reasons behind the increasing focus on risk management and how technology can help companies build a streamlined and transparent GRC infrastructure. This post originally appeared on the MetricStream blog and was published here with permission.
The bankruptcy at Enron is undoubtedly one of the biggest examples of accounting fraud in corporate history, not just in America, but in the world. The Enron scam also proved a point that’s often well understood but ignored: a well-written Code of Conduct or Compliance Program Manual does not constitute an effective compliance program. Enron had a strong Code of Conduct, at least on paper, but that did not prevent the massive fall of the energy company.
The modern CIO finally seems to have come to terms with reality. If you think compliance is what drives the modern-day CIO towards Governance, Risk and Compliance (GRC), think again. GRC is maturing and evolving fast. While CIOs today are convinced of the importance of GRC, the rationale for investing in it has moved from compliance to risk management. Compliance has become a given.
In a recent MetricStream survey, 70% of the respondents said they embraced GRC to improve their company’s risk oversight. Other factors, such as cyber security, third-party compliance and regulatory compliance, are of course among the drivers, but they have become secondary to risk management.
So, what is risk management and what makes it complicated? The Financial Times lexicon defines risk management as “The process of identifying, quantifying, and managing the risks that an organisation faces. As the outcomes of business activities are uncertain, they are said to have some element of risk.” A couple of factors can make it complicated, but mobility is currently ‘the’ factor contributing most to a company’s risk quotient. Mobility has moved beyond tablets and smartphones. Today, data itself is mobile. A CIO of one of the top banks said in a recent conversation with MetricStream: “I have 3,000 thousand apps on the cloud.” That means data is everywhere and highly mobile.
To enable large-scale adoption, MetricStream, the market leader in GRC apps, is working on Pervasive GRC along with making GRC Simple. A truly unifying and Pervasive GRC technology can help organisations build a centralised and transparent GRC ecosystem. It can support an enterprise-wide culture of GRC awareness and accountability by enabling and empowering each employee and business function to manage their risk and compliance responsibilities independently, while simultaneously rolling up data from across the enterprise to provide a complete top-level GRC perspective. As part of its Pervasive GRC strategy, MetricStream provides GRC capabilities that are pre-integrated with the customers’ apps.
Making GRC simple is at the heart of MetricStream. “Our aim is to ensure the GRC requirements of our customers are seamlessly met and integrated with their existing Salesforce or ERP solutions,” said French Caldwell, Chief Evangelist at MetricStream.
The future: Making GRC all-pervasive and all-inclusive will require technologies such as advanced analytics and advanced monitoring capabilities, which will offer seamless availability of risk and regulatory intelligence.