Governance, risk management, and compliance (GRC) is something every organization does: it is part of business. Whether the organization calls it GRC, ERM, EHS, or something else, every organization has some approach to GRC. It can be completely manual, broken, and reactive, or it can be optimized, aligned, and integrated. The key question is how we can improve GRC-related processes and information. How can we make them more efficient, effective, and agile?
GRC itself is about a strategy and process of collaboration between functions to share information to aid the organization in achieving objectives. The official definition of GRC is that it is an “integrated capability to reliably achieve objectives [GOVERNANCE], while addressing uncertainty [RISK MANAGEMENT], and act with integrity [COMPLIANCE].”
Technology plays a critical role in GRC strategy and process. Through technology, GRC processes can become more efficient, effective, and agile. Technology enables GRC. However, many organizations find that they have outgrown their current GRC technology platform. Some common issues I hear in organizations frustrated with their current technology architecture for GRC are that it is:
Organizations look to new GRC technology because they want a fresh, up-to-date architecture that is highly functional, easy to service, and integrated into the organization: one that is highly agile to the needs of a dynamic business environment.
Some key points of consideration when evaluating new GRC technology include:
GRC technology has evolved just as the organization has evolved alongside its risk and regulatory environments. Struggling with archaic GRC technology is futile and inhibits GRC as opposed to making it more efficient, effective, and agile in the organization. Organizations should look to new breeds of GRC technology that are easy to implement, engage all levels of the organization, lower cost of ownership, and integrate with the business.