Friday, December 6, 2019
Corporate Compliance Insights

A More Strategic Approach to GRC

by Sam Abadir
April 6, 2017
in Compliance, Risk

Telltale Signs Your Compliance and Risk Management Program Needs a Tune-Up

Risk management is fast becoming a business priority. However, research shows that there is minimal understanding of the robust GRC platforms that make a streamlined, integrated approach possible. These tools can help optimize risk management processes to improve program efficiencies and reduce operational costs while bolstering cybersecurity.

The Trump administration is already making good on its campaign promise to significantly roll back federal regulations. With change imminent, compliance and risk managers have found themselves in a fast-moving and unpredictable environment.

Regulatory reform poses a unique challenge for compliance and risk teams, who are responsible for keeping up with regulatory changes, ensuring personnel and third parties are aware of their responsibilities and understanding the complexity of risk management. Facing these mounting difficulties, many enterprises have realized they need to develop more mature governance, risk management and compliance (GRC) programs.

In late 2015, Gartner conducted a survey of its clients to understand how they are using GRC software to support enterprise risk management efforts. Nearly 40 percent of those surveyed were not using GRC software. In addition, 65 percent were not even familiar with the term “GRC.” However, in Gartner’s 2015 CEO survey, 65 percent of global CEOs and senior executives viewed the level of investment in risk management tools and practices as insufficient.

These surveys and similar research by Deloitte are among many indications that risk management is becoming a business priority at the executive level. Yet its supporting technologies are underused and poorly understood. Too often, risk management programs are hampered by manual and disparate tools, such as spreadsheets, word processing documents and email. These inflexible, outdated tools are insufficient for audits, unsupportive of change management and often result in high costs as the business grows. Consequently, organizations are quickly realizing these methods will not scale as the risk landscape becomes broader and more complex.

Enterprises, especially those in highly regulated industries, need to shift to a more streamlined and integrated approach to help alleviate the many issues associated with manual compliance and risk management processes. They need comprehensive GRC software solutions but are understandably hesitant to invest resources into overhauling their existing programs, concerned about compatibility with existing processes, systems and employee skill sets.

Here are some telltale signs that your organization needs a GRC software solution:

  • You are still using spreadsheets to track compliance and manage risks.
  • Homegrown tools are slow to change as new risks and compliance mandates surface.
  • Your program is slow to adapt to rapidly changing regulatory and risk environments.
  • The auditor is coming and your compliance team is in panic mode.
  • During an audit, you are unable to provide the auditor with requested information such as time stamps.
  • A negative incident occurred (data breach, audit failure or enforcement action) and a more robust risk management, compliance or IT security program is required.
  • The costs of managing compliance and risk have skyrocketed as your organization has grown.
  • Producing timely and accurate reporting is an ongoing struggle.
  • Gathering and linking historical and environmental data points to understand your risk position is a challenge.

Companies are learning that risks do not solely impact or originate from individual processes, events and environments. Developing integrated views of risk requires assessing every element of the enterprise value chain, the controls managing those value-creating elements and how lack of control adherence is introducing risk and curtailing value.

There are purpose-built tools that tackle these problems. These full-featured, cloud-based solutions are called GRC platforms; some analysts call them integrated risk management solutions (IRMS). Best-of-breed GRC/IRMS platforms help organizations coordinate and streamline management of IT risk, vendor risk, compliance and policies, business continuity and overall enterprise risk management, as well as significantly streamline the associated audit management and evidence-gathering processes. Without such solutions, most companies will incur increasing costs and unnecessary risk.

When selecting a GRC platform, consider key factors like efficiency, flexibility, specific needs and compatibility with effective operational and transactional systems. Many GRC buyers have found that the ability to quickly build out and maintain the GRC system without consultants and coders is as important as the system being easy for end-users to operate. Here are a few other GRC platform considerations:

Evaluate ease of use: How quickly can it be implemented, and will your employees be able to easily learn and use all the features?

Assess platform functionality: How do you get information and data into the GRC platform? What can be done with data in the platform? What reporting options are available?

Identify GRC solutions that enhance your current compliance program: Can this solution map policies to regulations? Is it configurable enough to mimic company processes, rather than changing your processes to fit the platform? Will this solution grow with your organization?

In the context of extreme and complex regulatory and risk changes, managing compliance and risk with outdated tools is not only time-consuming, but also potentially risky and expensive. No one claims it will be easy to integrate operations, compliance, risk, security and audit functions, but taking the time to do this within a GRC platform is worth the effort and will provide benefits unobtainable with manual methods and office tools. Adopting GRC technology will build resilience, enhance efficiency and optimize operations across the enterprise.


Sam Abadir

Sam Abadir is Vice President of Industry Solutions at Lockpath. Sam has over 20 years of experience helping companies realize value through improving processes, identifying performance metrics and understanding risk. Early in Sam’s career, he worked directly with financial institutions and manufacturing companies to help them realize institutional value. As a Senior Manager at Deloitte, he focused on improving processes and increasing value for Global 2000 companies. In the past seven years, Sam has worked with software companies like Lockpath to build the tools that help companies manage risk and create value that enhance performance in a structured and efficient manner.

© 2019 Corporate Compliance Insights
