Corporate Compliance Insights

5 Tips to Minimize Frustration with Your GRC Technology

by Tim Cercelle
October 7, 2015
in Compliance

The complexity of today’s business environment threatens to overwhelm the compliance function in many organizations as they struggle to respond to questions from regulators, executive committees and Boards. Unfortunately, one common panacea for organizational complexity—technology—has not won an overwhelming number of supporters in the risk and compliance space. According to a recent survey Deloitte conducted with Compliance Week, only 32 percent of compliance executives were confident or very confident in their IT systems, a rate that has actually dropped from 41 percent since the survey was conducted in 2014. This may be why the majority say they primarily depend on desktop software and in-house tools such as spreadsheets to perform most compliance tasks. Reliance on these tools is one reason many compliance functions tend to spend the preponderance of their time gathering data rather than analyzing it.

One technology solution that has begun to have an impact in the compliance space is the governance, risk and compliance (GRC) tool set. While not perfect, these tools have improved enormously over the past five years and have the potential to automate such activities as data collection, control testing, issue management, workflow and reporting. As with any tool set, implementing appropriate governance processes and procedures is critical to overall success.

Experience gathered while working with compliance professionals on numerous GRC initiatives has led to the identification of five critical success factors:

1. Make sure leadership has your back

It sounds obvious, but without leadership support, a broad-scale GRC project can quickly devolve into squabbling over priorities. When executive leadership participates in discussions and decision making, it is a clear signal that the initiative is both important and strategic in nature. Leadership support will also help to drive consensus and keep diverse stakeholders working together toward a common goal.

2. Go slow to go fast

Far too often, many companies approach GRC implementations in the absence of a strategic roadmap. Leadership may signal the go-ahead but leave it up to the individual groups—whether it is the business units or the various functional organizations, such as risk and compliance—to decide how to proceed. The result is often a host of siloed development initiatives that the organization then struggles to connect once they are up and running.

Green-lighting these isolated initiatives may appear to be the faster approach—after all, getting everyone on the same page takes time. But the result of such a piecemeal approach is usually a huge amount of rework and potentially the wholesale scrapping of GRC systems and tools after they have already been installed. The build-then-connect approach rarely works, especially in large, complex organizations. Rather, you need to think first about how the system should connect across the company’s different risk and compliance silos. In other words, connect first, then build.

A variety of other issues also need to be decided up front, including governance structures, policies, procedures, controls, data sources and classification. Finally, many companies underestimate the change management issues involved in a GRC technology implementation—this is something that should be addressed in the planning phase, before a single line of code is written. A careful, well-thought-out approach can pay off handsomely in the long run.

3. Speak the same language

Organizations need a way to talk about risk and compliance that resonates for the entire enterprise, not just for specific groups. Without a common taxonomy, the implementation will only take you so far. Data may automatically flow from multiple sources into a single repository, but turning it into a meaningful picture that creates valuable insights for the business will likely be impossible. Developing a common language is one of the most important aspects of the planning phase.

4. Engage early and often

IT may be the ultimate buyer of GRC technology solutions—and they are certainly involved in the implementation process—but they should by no means be the sole decision makers. The three commonly cited lines of defense for identifying chinks in a company’s controls armor—the business, the compliance function and internal audit—need to be closely involved in determining what system to implement and how to customize it.

While the formal owner of a GRC implementation varies from organization to organization, unless all affected parties are involved in decision-making, the initiative can be sub-optimal. In fact, when stakeholders are not engaged early, the result may require considerable re-work as new groups are added to the platform. The business in particular may need to be “sold” on the benefits of an implementation initiative—and “saving the compliance function from headaches” is not going to cut it. For example, one way a business unit can benefit from having a fully functioning GRC platform is a reduction in the number of requests for business-specific information from both the compliance and risk functions.  Bringing together all the parties at the onset of these initiatives and giving them a stake in the game can help ensure that everyone benefits. Keeping them abreast of project milestones via regular, two-way communications can help prevent stonewalling when user groups are not consulted.

5. Start small, then iterate

While the roadmap should lay the course for the entire organization, trying to do everything at once is usually a recipe for failure. The roadmap will set priorities, and that’s where you need to start. Develop “use cases” or “pilot projects” based on the highest-profile areas—such as third-party compliance, IT/operational risk, risk assessment, business continuity planning and regulatory change management—rather than initiating a set of silo-based initiatives. Then, step back and gather feedback from the business and other users. That feedback is valuable currency because you can incorporate it into your next deployment. It is far easier to iterate and continuously improve than it is to roll something out across the enterprise that may have to be taken offline and reconfigured if problems arise.

Conclusion

With the right approach, GRC implementations need not be universally frustrating. This means bringing together all the relevant parties up front, dividing responsibilities in a manner consistent with the three lines of defense, appointing an executive sponsor and then moving forward together to determine appropriate GRC use cases that can be built within the GRC tool. Aided by the automated activities that GRC tools provide, compliance and risk organizations will likely spend far fewer resources on manual, spreadsheet-driven tasks and instead will be able to focus on analyzing the data and other more fruitful pursuits that deliver value to the business.



Tim Cercelle is a Deloitte Advisory director in Deloitte & Touche LLP’s Regulatory & Compliance group and a former chief compliance officer in the insurance industry.
