It is well known that the business case for technology that monitors governance, risk and compliance (GRC) is compelling. GRC solutions establish an approach that ensures the right people get the right information at the right times; that the right objectives are established; and that the right actions and controls are put in place to address uncertainty and act with integrity. The meaning of GRC software was invented by the Open Compliance and Ethics Group (OCEG) in 2003, refers to the integrated collection of capabilities that enable an organisation to reliably achieve objectives, address uncertainty and act with integrity. This organisation has developed the culture of GRC throughout companies around the world.
In the UK, corporate governance compliance has become increasingly complex, as boards are expected to report on a much wider range of issues than in the past. The Modern Governance tools in Diligent’s Governance Cloud can turn complex compliance data into information that boards can act on.
“UK companies are facing a series of government and regulatory initiatives, including a series of new reporting requirements imposed by the 2018 revision of the corporate governance Code,” writes Simon Lowe, chair of the Grant Thornton Governance Institute.
As risk and compliance reporting becomes ever-more complex, UK companies are increasingly seeking an integrated solution, one that will pull together the essential data in the most useful form. In a survey of large and mid-size companies, Deloitte found that about half of the respondents “were extremely concerned about the ability of their risk technology to respond to new regulatory requirements.” And nearly 8o per cent of the companies surveyed responded that their existing technology did not react to the rapid pace of risk management effectively.
Governance, Risk and Compliance Software Tools
In today’s dynamic and volatile corporate environment Governance, Risk and Compliance software (GRC) is more important than they have ever been. The scope of GRC solutions is wide, as management expert Norman Marks writes. “Governance includes the setting of objectives and strategies, managing the organisation through informed and intelligent decision-making, measuring and monitoring performance, and much more (such as the board, Legal, and Internal Audit). The journey to success has to include the anticipation and handling of what might happen (Risk) while acting with integrity (Compliance). Every part of the organisation has to work together, in harmony and with shared objectives, if the potential of the enterprise is to be realised.”
Instead of treating each conformity and risk issue as an individual problem, firms are now seeking a common approach. “Companies that do not implement such integrated solutions are paying substantially in terms of increased complexity, wasted resources, decreased flexibility, and greater exposure to threats, which eventually impede business growth and performance,” writes Grand View Research.
Find out the size and scale of the challenge that companies face in building a balanced board
GRC Software Demand Increases But Solutions Do Not Adapt Well
Driven largely by this need for integration, the global enterprise governance, risk and compliance market is expected to reach $64.62 billion by 2025, according to Grand View Research. It is expected to see a Compound Annual Growth Rate of 12.9 per cent in the next five years.
It is notable that GRC adoption is largely shifting to the Cloud, according to an Open Compliance and Ethics Group (OCEG) study. Nearly half of companies that have adopted GRC have chosen SaaS solutions, while only 30 per cent have opted for on-premise implementations.
But the study shows that alignment with management needs is still very weak, on average. Most enterprises that adopt GRC are struggling with integration issues, as pulling all the data together into one platform has proven elusive. “When employees perceive the technology as not supporting their needs effectively, they will often continue to rely on their legacy technology and in the case of GRC that typically means spreadsheets, email and documents. This will have a negative effect on utilisation of GRC technology, slowing down adoption or even causing organisations to abandon GRC solutions,” according to the study.
What this means is that finding the right GRC solution is a bit different from choosing other types of systems, because the scope for application is so broad, and the need for it to work right across the organisation is paramount. Boards should first make an effort to understand how the various aspects might be improved by technology. Then, as Deloitte explains, they should try to see where the same technology can make them work together.
It is important that all of the functions provided by GRC solutions are integrated into a single platform. Disparate bits of information in separate locations do not assist Boards in gaining insights. GRC refers to a capability to provide a holistic view of all of the processes – with responsibility running right across the organisation. GRC is a set of processes and practices that runs across departments and functions. There is no holistic vision without a single “dashboard” that changes not only with respect to internal activity, but also in terms of market evolution and economic conditions.
Most GRC solutions has evolved out of the risk management framework. But, as Norman Marks has pointed out, the scope of GRC goes well beyond that. “This is more than adding key risk indicators to a report with key performance indicators. It’s about understanding how likely we are to achieve our objectives.”
This means pulling in data from across the enterprise and breaking down individual siloes. Using data analytics to monitor risks and behaviour, GRC tools breaks down “siloes,” of data, so that company secretaries can use a single framework to monitor and enforce rules and procedures. Employing a secure board portal as GRC software is a robust and effective solution.
GRC Tools Using Diligent’s Modern Governance Solution
Diligent, the pioneer in Modern Governance, has created a suite of integrated SaaS applications that achieves this objective. Our trusted, cloud-based applications enable secure information sharing throughout the organisation, so that Governance, Risk and Compliance data can be integrated, and acted on.
The Governance Cloud ensures the visibility of issues, as data is drawn from risk and compliance systems. It ensures that risks can be controlled while they are still imminent, and before they become problems to be resolved. The applications centralise critical data and protect your organisation’s most valuable information while enabling secure collaboration among board members and management.
Diligent’s Governance Cloud enables companies to centralise, manage and effectively structure GRC data, right across a multi-entity organisation. It permits storing entity information, documents and organisational charts in a highly secure format to create a single integrated source. This escalates good corporate governance and improves risk and compliance data collection. All of this leads to a better reaction to risk and improved decision-making.
All of these functionalities work seamlessly with Diligent’s board portal, which provides a secure, cloud-based system for electronically filing and organising financial reports so that board members can find and retrieve them quickly and easily. Diligent’s board management software is also part of the Governance Cloud. It helps auditors manage workflows and schedule audit-related tasks and board reporting. Diligent board software and meeting management software makes it just as easy to access policies so that board directors can review them according to legal or regulatory mandates, business objectives, risk and internal controls.
October 16, 2019
Succession Planning and Future-Proofing Your Board
Succession planning cannot be treated as only about the future, because it has a huge impact on the careers of the current leaders who are responsible for its success. Succession planning links today and tomorrow, and this is what drives the emotions involved for…
October 14, 2019
Board Diversity and Board Performance
Are UK Boards Becoming More Diverse? Corporate governance experts strongly recommend greater board diversity on corporate boards, so it is good to see that UK companies are improving in this respect. There is ample evidence that boardroom diversity drives…
October 8, 2019
Business Email Compromise – The Latest UK Cyber Threat
The UK Cyber Security Challenge and Business Email Compromise Businesses in the UK are today suffering a wave of cyberattacks in the form of “Business Email Compromise” (BEC) and it is essential to know how to gear up your board for cyber attacks.