The recent coalescing of the leading governance, risk and compliance methodologies has resulted in what is now referred to as "GRC" across industries and businesses worldwide. GRC represents a more integrated and standardized academic approach to three related and overlapping disciplines that have become vital to the survival of modern-day corporations.
GRC addresses and utilizes all of the vital constituent components of governance, risk, and compliance — wrapping their respective functions into a new holistic paradigm to achieve better gains (and the sustainability of those gains) in operational management. I have been writing for some time now about how corporate governance has hooks in every business activity under the sun, especially those that revolve around compliance and risk. GRC represents an outstanding standards-based crystallization of this concept.
Although each GRC component may address different business problems, it makes perfect sense to merge their logical frameworks and physical practices into a more capacious concept for many business scenarios. As is the case with many modern business doctrines, the sum (integration) of their parts is often more empowering than interacting with them in their individual silos. Yet, from a technology perspective, it is not so simple to achieve quick ROI from GRC systems initiatives. In order to achieve the maximum benefits from the merging of governance, compliance, and risk management, you need acute transparency into the business, and that means you need: (1) a ton of useful GRC data; (2) a means to view the data; (3) a methodology for understanding and measuring the data; (4) a plan of action to react to the data.
Many companies feel that governing their portfolio of risk and compliance is becoming increasingly difficult, as well as more expensive. The general belief (or should I say fear) is that the expense and complexity of risk and governance will continue to grow to a point where corporate bottom lines are severely affected. The simple fact of the matter is that over the coming years, the existing maze of regulatory mandates is not going to go away. Turbulence in the financial markets and on the environmental front, to name but a few, is going to keep moving the regulatory juggernaut forward at a relentless pace all over the globe. GRC systems and dashboards provide companies with more than a glimmer of hope that their current headaches and future burdens with respect to compliance, risk, and governance will be alleviated in a cost-effective manner.
The challenge for managers and supporting IT infrastructure is that in order to reap the full benefits and promises of GRC dashboards, a large effort to collect and integrate data for GRC intelligence (data that will be used by the dashboard) may have to commence. Nevertheless, once completed, a GRC dashboard should produce immediate ROI. Having robust transparency into corporate assets will be a tremendous relief and eye-opening experience for senior management. Being able to view an organization’s operations along various dimensions of exposures, liabilities, and perils, uncovering new hazards and risks to the continuity and viability of a business, is a fundamental prerequisite of a well-run organization. GRC dashboards will give managers the ability to visualize risk and understand how they are meeting compliance and governance mandates with real-time or near-real-time data. With clear data readily available for slicing and dicing, management techniques to deal with issues related to governance, risk, and compliance can be continually fine-tuned and improved.