Of necessity, organisations have a variety of specialised IT systems. There is huge value to be gained by integrating these systems, especially when it comes to Governance Risk and Compliance (GRC). We question Alfred Pawson on the essential ingredients necessary for integrating technology successfully.
When data resides in multiple sources such as spreadsheets and point solutions for risk assessment, internal audit or event management, it is difficult to create a comprehensive picture of a business’s risk profile. Risk management is complex, and the inter-related nature of businesses means that indicators in one area of the business can have a large impact on risks in another area. An integrated GRC solution can be hugely beneficial in centralising all this information, but key risk-related information also resides in external systems such as HR and ERP. Integrating these into a business’s GRC platform brings all the risk indicators into a single holistic framework, improving visibility and control.
But this integration is often steered away from, as being too difficult to get right and maintain. Alfred Pawson, Manager: Information Technology at Hernic Ferrochrome believes it is easier than one might think. And the value far outweighs the costs. “Technology integration has historically been difficult,” explains Pawson, “owing, in part, to legacy systems in businesses. In the wake of acquisitions and mergers, for example, certain applications, systems and software are inherited, along with their accompanying business processes. But with modern technology it is easier to achieve integration than ever before.”
According to Pawson, these are the three key ingredients for successful integration in GRC:
Integration begins with a strategy, he explains: “You need to decide what it is you want you want to achieve. Assess the strategy, design a system, build it and deploy it. In between each step in the integration process it is important to test, test, test.” He also stresses the importance of thorough and ongoing documentation. “If you don’t properly plan and document the process – everything from functional specifications, integration specifications, and so on – you will fail. You need to continuously roll out improvements and test them to highlight your errors.”
“Take more time up front, and design specifications thoroughly,” says Pawson. “Each organisation has unique needs and integration cannot follow a one-size-fits-all approach. Everybody has their own unique requirements and way of doing things. Effective and efficient risk management makes use of technology that is flexible, so that it can grow and change as an organisation grows. Integration is far more difficult with systems that are rigid. Being able to easily add fields that bind systems together makes the task of integration a whole lot easier.”
IT integration in business aids quicker decision making. The longer you take to make a decision – or get information to make a decision – the bigger the actual cost of an event is. It is therefore critical that the integrated data ends up in visible dashboards. “You want to make decisions as quickly as possible,” says Pawson. “How do you accomplish this? If you have 129 individual business processes, you won’t necessarily know where or what reports come out, or what the relevance of the information you receive a week later will be. Make sure, as part of your integration strategy, that the data ends up in the dashboards, so that it becomes living information.”
Through proper integration decision making happens much sooner. This is a major advantage of integration: by bringing all the processes in your business together, you will have a much clearer picture of what is going on in your business at any given time and be able to react faster and make better decisions. Data needs to flow through to where it belongs. In a knowledge economy the value of such data cannot be underestimated.
Regardless of how efficient, innovative and integrated your technology solution is, without employee buy-in the system will fall flat. Says Pawson: “It is not the strongest species nor the most intelligent that survive, it is the ones most adaptive to change. You have to change to stay ahead of your competitors.” People, not technology, present the greatest barrier to successful integration. Risk management software is the most effective when it is tailored to suit the users’ needs. You need to empower users with integrated technology, not confuse them. “Everything must be made as simple as possible,” affirms Pawson. “Design this into your integration approach, with strong error and exception handling. This allied with detailed testing, will ensure end users are not demoralised after the integration goes live.”
Configurability within your GRC software is vital, and the more easily it can be achieved, the better. People are naturally resistant to change, so it is important to keep this in mind throughout the process of integrating your technology.
Alfred maintains that integration is always possible. “Don’t let somebody in your IT department say integration is not possible,” he emphasises, “there is always a way to get it done.” Everything is possible, with the right process – and the right partner – you can unlock the value of technology integration within your business.