Applying GRC Software Tools in Practice
Governance, Risk and Compliance (GRC) software is all about integration. GRC software, such as Diligent’s Modern Governance solution, encompasses the integrated management of compliance risk, IT risk, financial risk, operational risk and strategic risk data gives companies a holistic view of risk management that is not possible if each of these risk categories has its own silo of data.
As a researcher at Gartner puts it: “Administrators can use a single framework to monitor and enforce rules and procedures. Successful installations enable organisations to manage risk, reduce costs incurred by multiple installations and minimise complexity for managers. Once in place, however, dashboards and data analytics tools allow administrators to identify an organisation’s risk exposure, measure progress toward quarterly goals or quickly pull together an information audit.
In practice, board members and management can easily get a holistic view of risk exposure and make informed decisions on actions. With GRC integrated into high-quality governance software, good decisions get made faster.
Find out the size and scale of the challenge that companies face in building a balanced board
Use Case: The CFO As Risk Manager
The CFO today partners with the CEO in creating a strategy and finding new opportunities for the company.
“This sees them ideally placed to set appropriate risk preferences and to instil a risk-oriented approach to decision-making processes for management,” writes one commentator.
A recent EY survey of CFOs worldwide revealed that 57 per cent of respondents cited risk management – financial and non-financial – as a critical capability for the future.
But another survey shows that most CFO respondents were not very confident about how risk management in their organisations was designed and operated, or how well it supported strategic planning. They also weren’t fully confident that Internal Audit was assessing risk management design and operation. Only 20 per cent reported feeling confident that they had the right metrics to determine that the organisation had the right actions and controls in place to address risk management and to ensure the effectiveness of risk management entity-wide.
CFOs have to understand the risk context, not just for financial risks, but for every type of risk that the business faces. Then they must constantly monitor the business for risk exposure and have strategies ready to control shocks.
Having a single dashboard for all the major risk categories, across the entire business, gives the CFO a chance to work on solutions instead of finding out problems. “Benefits to consider include improved compliance (fewer audit findings, regulatory enforcements and lawsuits), more tolerable risk treatment (prioritized and faster remediation) and more effective risk posture (lower cost of capital, insurance premiums and external audit fees). Improved cultural ownership of risks and controls is obtained when insights are shared and the vision is clear,” Deloitte writes.
Then, because the GRC platform can provide oversight of business processes, it can lead to continuous efficiency improvements. Identification of risk indicators means that the business runs a safer course. Information will be timely and more relevant to empower managers to align decisions with corporate strategy.
Where the CFO leads the risk-management function and the board as a whole drive an organisation-wide approach to risk management, companies will gain a competitive advantage. They will be better able to see how risks can disclose opportunities, where others only see threats and dangers. The organisation as a whole will benefit as from a top-down perspective change in which risk-awareness culture is embedded.
Use Case: Tracking Evolving Governance Rules and Applying Them to Operations
Company Secretaries have the responsibility for keeping up-to-date in every aspect of corporate governance and in legal and compliance regulations.
The regulatory climate in the UK has evolved towards an increasing complexity of regulations, as well as in reporting on compliance.
Using GRC software which includes Governance Intel applications enables the automation of tracking for regulatory and corporate governance changes.
GRC software enables treating corporate governance, defined as effective, ethical management of a company at the executive level, as an objectively measurable commodity. Using AI, the software can analyse risk and performance data, and then, when applicable governance requirements change or are imposed, can ensure that the company secretary, and eventually board members and management, are made aware of the changes.
This kind of data can be automatically shared with, for example, members of the Audit Committee or the Risk Committee when they need to know about it.
This kind of automated governance tracking saves money, with hours saved on risk and control work. But more importantly, it means that the dangers associated with compliance risk can be managed efficiently.
GRC Using Diligent’s Modern Governance Tools
As we’ve seen, GRC software offers vast benefits, according to lawyers Randal Dennings and William Yao of the law firm Clayton Utz, including:
- An improvement in the quality and availability of information;
- A reduction in data breaches and errors;
- A reduction in costs and greater efficiencies;
- A more flexible and externally focused workforce capable of rapid change to meet customer and organisational needs;
- A greater assurance for the organisation and its board and senior management that GRC issues are being appropriately dealt with and the organisation remains on target with its performance objectives; and
- Improved levels of communication across the organisation.
Diligent’s GRC Solution for Modern Governance
Diligent, the pioneer in Modern Governance, has created a suite of integrated SaaS applications that provide the means to achieve all these objectives. Our trusted, cloud-based applications enable secure information sharing throughout the organisation, so that Governance, Risk and Compliance data can be integrated, and acted on.
The Governance Cloud ensures the visibility of issues, as data is drawn from risk and compliance systems. It ensures that risks can be controlled while they are still imminent, and before they become problems to be resolved. The applications centralise critical data and protect your organisation’s most valuable information while enabling secure collaboration among board members and management.
Diligent’s Governance Cloud enables companies to centralise, manage and effectively structure GRC data, right across a multi-entity organisation. It permits storing entity information, documents and organisational charts in a highly secure format to create a single integrated source. This escalates governance and improves risk and compliance data collection. All of this leads to better reaction to risk and improved decision-making.
All of these functionalities work seamlessly with Diligent’s board portal, which provides a secure, cloud-based system for electronically filing and organising financial reports, so that board members can find and retrieve them quickly and easily. Diligent’s board management software is also part of the Governance Cloud. It helps auditors manage workflows and schedule audit-related tasks and reporting. Diligent makes it just as easy to access policies so board directors can review them according to legal or regulatory mandates, business objectives, risk and internal controls.
December 28, 2020
What Role Does the Board Play in Business Continuity Planning?
Continuing in the face of adversity has been the dominant theme of the past year. When the scale of disruption caused by COVID-19 became clear, businesses worldwide were forced to adapt rapidly to the restrictions that came into force overnight. While many organisations have business continuity plans designed to keep…
December 21, 2020
Business Continuity Plan Maintenance: A Step-by-Step Guide
A business continuity plan (BCP) is a living, evolving document. Designed to be activated when unplanned disruption strikes, it must be flexible enough to guide actions regardless of the specifics of the situation. In a fast-changing environment, business continuity plan maintenance is an essential part of the business continuity programme…
December 8, 2020
Board Meeting Minutes Best Practices and Guidelines
Guidelines for Board Meeting Minute Taking In order to keep the courtroom from invading the boardroom, the most basic rule is, “saying less is often better,” warns the London-based law firm Bricker & Eckler in a recent note. “Today’s business climate places heightened…