It is well known that the business case for technology that monitors governance, risk and compliance (GRC) is compelling. GRC solutions establish an approach that ensures the right people get the right information at the right times; that the right objectives are established; and that the right actions and controls are put in place to address uncertainty and act with integrity. The meaning of GRC software was invented by the Open Compliance and Ethics Group (OCEG) in 2003, refers to the integrated collection of capabilities that enable an organisation to reliably achieve objectives, address uncertainty and act with integrity. This organisation has developed the culture of GRC throughout companies around the world.
In the UK, corporate governance compliance has become increasingly complex, as boards are expected to report on a much wider range of issues than in the past. The Modern Governance tools in Diligent’s Governance Cloud can turn complex compliance data into information that boards can act on.
“UK companies are facing a series of government and regulatory initiatives, including a series of new reporting requirements imposed by the 2018 revision of the corporate governance Code,” writes Simon Lowe, chair of the Grant Thornton Governance Institute.
As risk and compliance reporting becomes ever-more complex, UK companies are increasingly seeking an integrated solution, one that will pull together the essential data in the most useful form. In a survey of large and mid-size companies, Deloitte found that about half of the respondents “were extremely concerned about the ability of their risk technology to respond to new regulatory requirements.” And nearly 8o per cent of the companies surveyed responded that their existing technology did not react to the rapid pace of risk management effectively.
Governance, Risk and Compliance Software Tools
In today’s dynamic and volatile corporate environment Governance, Risk and Compliance software (GRC) is more important than they have ever been. The scope of GRC solutions is wide, as management expert Norman Marks writes. “Governance includes the setting of objectives and strategies, managing the organisation through informed and intelligent decision-making, measuring and monitoring performance, and much more (such as the board, Legal, and Internal Audit). The journey to success has to include the anticipation and handling of what might happen (Risk) while acting with integrity (Compliance). Every part of the organisation has to work together, in harmony and with shared objectives, if the potential of the enterprise is to be realised.”
Instead of treating each conformity and risk issue as an individual problem, firms are now seeking a common approach. “Companies that do not implement such integrated solutions are paying substantially in terms of increased complexity, wasted resources, decreased flexibility, and greater exposure to threats, which eventually impede business growth and performance,” writes Grand View Research.
Find out the size and scale of the challenge that companies face in building a balanced board
GRC Software Demand Increases But Solutions Do Not Adapt Well
Driven largely by this need for integration, the global enterprise governance, risk and compliance market is expected to reach $64.62 billion by 2025, according to Grand View Research. It is expected to see a Compound Annual Growth Rate of 12.9 per cent in the next five years.
It is notable that GRC adoption is largely shifting to the Cloud, according to an Open Compliance and Ethics Group (OCEG) study. Nearly half of companies that have adopted GRC have chosen SaaS solutions, while only 30 per cent have opted for on-premise implementations.
But the study shows that alignment with management needs is still very weak, on average. Most enterprises that adopt GRC are struggling with integration issues, as pulling all the data together into one platform has proven elusive. “When employees perceive the technology as not supporting their needs effectively, they will often continue to rely on their legacy technology and in the case of GRC that typically means spreadsheets, email and documents. This will have a negative effect on utilisation of GRC technology, slowing down adoption or even causing organisations to abandon GRC solutions,” according to the study.
What this means is that finding the right GRC solution is a bit different from choosing other types of systems, because the scope for application is so broad, and the need for it to work right across the organisation is paramount. Boards should first make an effort to understand how the various aspects might be improved by technology. Then, as Deloitte explains, they should try to see where the same technology can make them work together.
It is important that all of the functions provided by GRC solutions are integrated into a single platform. Disparate bits of information in separate locations do not assist Boards in gaining insights. GRC refers to a capability to provide a holistic view of all of the processes – with responsibility running right across the organisation. GRC is a set of processes and practices that runs across departments and functions. There is no holistic vision without a single “dashboard” that changes not only with respect to internal activity, but also in terms of market evolution and economic conditions.
Most GRC solutions has evolved out of the risk management framework. But, as Norman Marks has pointed out, the scope of GRC goes well beyond that. “This is more than adding key risk indicators to a report with key performance indicators. It’s about understanding how likely we are to achieve our objectives.”
This means pulling in data from across the enterprise and breaking down individual siloes. Using data analytics to monitor risks and behaviour, GRC tools breaks down “siloes,” of data, so that company secretaries can use a single framework to monitor and enforce rules and procedures. Employing a secure board portal as GRC software is a robust and effective solution.
GRC Tools Using Diligent’s Modern Governance Solution
Diligent, the pioneer in Modern Governance, has created a suite of integrated SaaS applications that achieves this objective. Our trusted, cloud-based applications enable secure information sharing throughout the organisation, so that Governance, Risk and Compliance data can be integrated, and acted on.
The Governance Cloud ensures the visibility of issues, as data is drawn from risk and compliance systems. It ensures that risks can be controlled while they are still imminent, and before they become problems to be resolved. The applications centralise critical data and protect your organisation’s most valuable information while enabling secure collaboration among board members and management.
Diligent’s Governance Cloud enables companies to centralise, manage and effectively structure GRC data, right across a multi-entity organisation. It permits storing entity information, documents and organisational charts in a highly secure format to create a single integrated source. This escalates good corporate governance and improves risk and compliance data collection. All of this leads to a better reaction to risk and improved decision-making.
All of these functionalities work seamlessly with Diligent’s board portal, which provides a secure, cloud-based system for electronically filing and organising financial reports so that board members can find and retrieve them quickly and easily. Diligent’s board management software is also part of the Governance Cloud. It helps auditors manage workflows and schedule audit-related tasks and board reporting. Diligent board software and meeting management software makes it just as easy to access policies so that board directors can review them according to legal or regulatory mandates, business objectives, risk and internal controls.
December 28, 2020
What Role Does the Board Play in Business Continuity Planning?
Continuing in the face of adversity has been the dominant theme of the past year. When the scale of disruption caused by COVID-19 became clear, businesses worldwide were forced to adapt rapidly to the restrictions that came into force overnight. While many organisations have business continuity plans designed to keep…
December 21, 2020
Business Continuity Plan Maintenance: A Step-by-Step Guide
A business continuity plan (BCP) is a living, evolving document. Designed to be activated when unplanned disruption strikes, it must be flexible enough to guide actions regardless of the specifics of the situation. In a fast-changing environment, business continuity plan maintenance is an essential part of the business continuity programme…
December 8, 2020
Board Meeting Minutes Best Practices and Guidelines
Guidelines for Board Meeting Minute Taking In order to keep the courtroom from invading the boardroom, the most basic rule is, “saying less is often better,” warns the London-based law firm Bricker & Eckler in a recent note. “Today’s business climate places heightened…