Corporate Compliance Insights

People, Process, Technology: Optimizing Risk Management Initiatives

by Adam Billings
May 8, 2018
in Featured, Risk

How to Implement a Better Process When Dealing with Risk Management

People, process, and technology are three key elements when it comes to implementing risk management in any company. The challenge is how to implement these elements in a way that helps your company take an integrated approach to the process. In this article, Adam Billings, Principal Consultant at Lockpath, outlines the challenges companies face when applying risk management technology. He addresses why companies need to take a top-down approach when figuring out how to apply the right risk management technology. This involves identifying the issues your team faces in order to solve your problems and get your software or platform implemented the right way. In addition, it is crucial to involve people at all levels in the process and to understand the interdependencies when rolling out a new risk management technology. Ultimately, the end goal is a manageable system that the team and the C-level can both manage and that provides holistic visibility for all those involved.

If you’re in the compliance and risk management space, you can probably guess the three key pieces required to optimize risk management initiatives. People, process, and technology — the trifecta of digital transformation. However, creating cohesion between all three is often challenging.

Most companies have reached a point where spreadsheets and emails are insufficient tools for the complex and multi-layered activities involved in risk management.  This gap introduced a need for better solutions and led to the boom of governance, risk management and compliance (GRC) platforms, and enterprise risk management (ERM) systems along with other similar technologies. It’s time to leverage those solutions to streamline processes, automate tasks, and keep people accountable.

However, technology includes its own set of challenges. It won’t solve all your problems with the click of a button. But if you have a destination in mind and a roadmap in hand, it will make the journey that much faster and easier. If you don’t understand your own processes or don’t have an outline of what you need to accomplish, software will be of little help.

What gets in the way?

When choosing governance, risk management and compliance (GRC) technology, I recommend clients begin by focusing on process improvement. What are your current processes? What are your workflows? What pain points and bottlenecks need to be resolved? Answering these questions through deliberate evaluation and collaboration makes it easier to determine if a software platform — and what components, modules, or applications of that platform — will help solve specific problems, address critical risks, and streamline current and future processes.

People get so focused on the day-to-day that they struggle to see the big picture and how it’s going to affect the other teams and departments around them. Leadership should get cross-functional teams working together to identify issues, set priorities, and address process and risk management problems from a broader point of view; one that accounts for business, compliance, and security objectives.

Taking a top-down approach

As a principal consultant, I’m often asked what I recommend companies look at first to improve risk management. The first thing I ask is if they’ve implemented an enterprise risk management process. Is it a top-down or bottom-up approach? By top-down, I mean: does your executive team identify critical goals and objectives for your company every year and evaluate risks by those goals? If this isn’t the approach, chances are those goals and priorities are defined by each business unit (bottom-up), which is how it works in most companies. Each segment in the business has its own spreadsheets delineating individual problems to address.

I keep clients focused on the big idea: how to look at these siloed issues together. The first step is to identify the key teams or players who are tracking risks. Then you can begin to pinpoint interdependencies or relationships in the work that they do. Ultimately, you are driving toward creating synergies and efficiencies. For instance, if multiple departments are tracking the same issues but each handles the data a bit differently, a centralized repository for sharing information keeps everyone on the same page, reduces duplicated efforts, and encourages collaboration.

This shift requires a champion, someone who will lead the charge in adopting better tools, advocate for the collaborative approach, and push reluctant teams to get with the program and really incorporate the tools. The champion also needs to listen to key players and study the big picture to gain a clear understanding of interdependencies — where do problems intersect? What are potential cascading effects? Where are the gaps and overlaps? In my experience, the most successful implementations begin with C-level champions who include process owners in the discussions. Those are the people I want to talk to first when a CISO calls to ask about technology solutions.

Cultivate visibility

Often, multiple departments are running into the same problems — one knows how to solve the problem, while the other keeps spinning its wheels because it is not aware of the solution or how to implement it. In companies where I see this dynamic, I try to convince stakeholders to open the lines of communication and air the dirty laundry. Developing higher levels of visibility across departments improves process, fosters accountability, and creates space for innovative problem-solving. Leadership is an important catalyst when shifting from siloed spreadsheets to centralized enterprise systems. While risk management technology alone cannot create this collaborative dynamic, it can certainly support it.

Risk management becomes easier and more effective when enterprise visibility is prioritized and systematized in a single platform. Consultants, risk and compliance leaders, security heads, and executives can be more efficient, accurate, and productive when they are working with harmonized, shared data. Executives and decision makers can access comprehensive reports with one click — a vast improvement over sorting through PowerPoint presentations from five different departments, each of which employs a different risk taxonomy. Most executives simply don’t have time for this, so any insights or calls to action are lost in the shuffle. In the digital era, meaningful data drives meaningful change.

All eyes on the prize

One of the primary goals of an enterprise risk management program, after all, is to provide a seamless picture of the company’s risk posture to the executive team. Without the technology platform to unify and organize the necessary activities and data components, providing such reports is a major pain point. And without high quality reports, vulnerabilities and costly inefficiencies may go undetected or unresolved. If you can’t see the big picture, you won’t figure out what’s getting in the way of achieving business objectives or what must change to clear the way. For instance, I often see companies with multiple locations waste resources testing variations of the same control (e.g., SOX) hundreds of times a year, when they should only need to test it two or three times. They’re managing all of it with siloed spreadsheets, and no one wants to delete anything, so the disharmonized data ends up feeding a circular mess.  A GRC platform can manage controls like SOX at a higher level, but optimization only happens when all the relevant regulated processes and teams are included.

Many companies buy a GRC platform or risk management solution without fully understanding its purpose or capabilities. Education and evaluation are critical: stakeholders should first come to a mutual understanding of how governance, risk, and compliance activities are carried out in their organization and what isn’t working. This lays the foundation for implementing an enterprise-wide platform that executives and process owners can manage, that benefits all involved, and that provides holistic visibility across business functions.

 


Adam Billings

Adam Billings is a Principal Consultant at Lockpath, with 6 years of experience related to process improvement and technical implementations. This includes direct GRC experience, leading onsite demonstrations and documenting extensive client processes across a variety of industries; managing clients through engagement life-cycles and strategizing for future process improvements; and facilitating options for integrating business processes into a GRC solution. He has a strong understanding of audit and SOX compliance activities, as well as other general business experience including monthly financial statement preparation, cost accounting, and database management.
