The concept of GRC (governance, risk and compliance) can differ based on the organization and the type of governance or risk management that is being addressed. Although each organization may vary slightly, the fact remains that organizations are required to put processes in place to ensure they meet compliance and mitigate risk. These processes are supported by the use of solutions designed to manage compliance initiatives or risk, or that report on the progress, number of violations, or constraints put in place to maintain these solutions. One way organizations are starting to manage initiatives company wide is by deploying dashboards that enable executives and decision makers to see how the organization is performing as a whole as well as by identifying potential issues before they occur.
However, before discussing how to meet compliance, minimize risk and the added value dashboards provide to the process, organizations should educate themselves about how software is used to meet compliance requirements, whether SOX, HIPAA or the like. This means acknowledging not just what is needed for compliance or risk management, but also what the requirements in-house are to manage the processes involved (to adequately control, track, and report auditing and compliance requirements throughout the year). Knowing where data is stored, how it is updated and by whom, enables executives to maintain a better grasp of how the organization is running as well as identify who is accountable for what.
Using business intelligence to meet compliance
Business intelligence enables organizations to fulfill general GRC requirements. Between a strong back-end data warehousing environment and front-end reporting and analysis, BI offers organizations the ability to:
- Monitor date and time stamps
- Secure access and supervise transactions
- Ensure continuous data quality
- Manage data relationships
- Identify trends and monitor performance
- Set, manage and maintain goals
- Collaborate with peers to share information
- Manage processes through data
All of these items - as well as countless more - enable organizations to take operational data, transform that data into meaningful information, and report and analyze it further.
For compliance, the reporting piece is the key. (Whereas, when looking at risk management or governance, the use of a dashboard to manage controls may provide more benefit.) Whatever method chosen, it becomes important to maintain the proper controls surrounding the reported data and to have the right solutions and processes in place. This extends beyond managing the required processes and includes how these solutions are maintained and what aspects of BI specifically support GRC requirements.
Turning to dashboards
When looking at dashboards specifically, the question becomes: what is it about dashboards that enable compliance, or risk management, etc.? The advantages of converging compliance initiatives, managing risk, or implementing governance practices and BI that are presented above relate to dashboard use as well. The ability to develop metrics and associate goals with items that require compliance, etc. give dashboard users additional advantages over simply using reports. Dashboards enable organizations and decision makers to set goals, measure those goals and monitor overall performance. Breaking that down further, executives can identify whether compliance is being met, how processes are being completed and where potential gaps exist. Alternatively, organizations can move from the use of a dashboard for maintaining how compliance performance is meeting set goals towards using dashboards for business performance management to manage potential risk.
From compliance to managing risk
High risk exists for organizations that ignore their responsibility to meet compliance. Risk also exists for organizations that do not implement the associated systems that can help them manage compliance more easily. However, aside from risk associated with not meeting compliance, there are also several types of risk that will differ based on the organization, such as financial risk, strategic risk, operational risk, and/or IT risk. This means that the way organizations look at using dashboards depends upon what controls need to be put in place or what type of risk is being measured.
The example below identifies risk regarding revenues as well as compliance and outstanding issues. All of these are related because a lack of compliance adds to an organization’s overall risk factors.
Overall, whether compliance or risk management, the fact remains that organizations are required to maintain a certain set of controls if they want to remain successful. With the use of dashboards, this is made more possible due to the continuous measurement of how organizations are performing against risk indicators or overall metrics set.
Types of solutions available
Luckily for organizations, several dashboard solutions exist that can provide the required tools to enable better compliance, governance and risk management. Dashboard vendors such as Corda or Tableau Software as well as many others can help organizations develop dashboards that help them meet compliance or mitigate risk. Alternatively, vendors such as Flexeye or Compliance11 enable organizations to move through a set of processes and use dashboards as a complementary aspect of an overall GRC solution. In essence, each category represents either a best-of-breed or full-solution approach allowing organizations to decide which method better suits their requirements.
Addressing GRC within organizations is now essential in order to avoid compliance violations, lessen risk and maintain governance initiatives. The use of technology to help organizations manage these processes is becoming more robust. Especially within BI and through the use of dashboards, organizations can integrate GRC components naturally into their overall processes.
About the Author
Lyndsay Wise is an industry analyst for business intelligence. For over seven years, she has assisted clients in business systems analysis, software selection and implementation of enterprise applications. Lyndsay is the channel expert for BI for the Mid-Market at B-eye-Network and conducts research of leading technologies, products and vendors in business intelligence, marketing performance management, master data management, and unstructured data. She can be reached at email@example.com. And please visit Lyndsay's blog at myblog.wiseanalytics.com.
(Copyright 2009 - Dashboard Insight - All rights reserved.)