Thursday, January 28, 2021
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Featured

Enterprises Left Exposed Through GRC “Shelfware”

by Scott Goolik
November 27, 2018
in Featured, Risk
ERP program on tablet

The Underlying Issue with Many GRC Solutions

GRC software is especially critical in organizations that rely on enterprise resource planning (ERP) software – such as SAP or Oracle – to essentially run all aspects of their business, from the supply chain to finance. However, the GRC software that comes with it is often overly complex and seldom deployed, resulting in unused “shelfware” that leaves the enterprise exposed to risk and fraud. This article provides tips on how corporate compliance and risk managers can avoid the “shelfware” trap and always remain audit-ready.

If you buy a piece of software, but never deploy it, does it exist?

This philosophical question is broadly impacting the security and risk industries. Years of fearmongering forced companies to buy overlapping products they didn’t need, and now many have ended up putting them unused on a virtual “shelf” – commonly called “shelfware.”

Just as the executives of those companies falsely assume their systems are protected (given they have bought products for that purpose), corporate compliance executives are beginning to realize they may not actually be compliant, never mind audit-ready.

A key driver for the shelfware issue is complexity. Governance, risk and compliance (GRC) software is especially critical in organizations that rely on enterprise resource planning (ERP) software – such as SAP or Oracle – to essentially run all aspects of their business, from the supply chain to finance.

The ERP software itself is very complex, and the GRC software that comes with it – often “thrown in” to help close the deal – is just as complex. In the best case, it typically requires the IT department to deploy, customize and use it. In the worst case, it can turn into a whole new project that requires outside consultants to customize it for a specific enterprise’s environment, adding time and cost to what was previously viewed as a “free” and “easy-to-deploy” software system.

Unfortunately, requiring IT or outside consultants to make GRC software work takes ownership and management of GRC and access controls out of the hands of those who should be in charge: with business users. Corporate compliance executives are then left with GRC shelfware while the organization remains exposed to risk and fraud.

Here are some tips on how to avoid the GRC shelfware trap:

Explore All Your Options

Even if your organization has made a significant investment in an ERP system that comes with GRC software, check the other options on the market to see what will suit your unique needs and ensure fast deployment, adoption by business users and audit-ready compliance.

Nondisruptive Deployment

ERP software is the “heart and lungs” of most organizations, so whatever you deploy cannot distract your team from running the business and ensuring compliance. This is another leading cause of GRC shelfware.

Fast Time-to-Benefit

If getting real risk and compliance insight takes weeks, months or years, there is no value. GRC and access controls software should be able to provide comprehensible insight to your environment quickly, typically within hours and up to a few days.

Actionable Business Intelligence

If your GRC and access controls software is deployed and providing raw data, but your business users are unable to decipher what it means, there is no value. GRC software needs to speak the language of business users as well as risk and compliance teams, not software engineers or IT administrators.

Ready for Hybrid IT Environments

As enterprises increasingly look to hybrid cloud platforms during migrations of their ERP and other software, it’s important that GRC software is cloud-ready. This can ensure any upgrades or migrations do not create new holes in their segregation of duties processes or other access controls and potentially expose the company to increased fraud – or turn into yet another consulting project.

To avoid ending up being exposed by GRC shelfware, IT needs to provide the infrastructure and help automate processes. But at the end of the day, it’s up to business decision-makers to ensure how best to address risks and access controls and to use GRC software that is designed from that perspective.


Tags: GRC
Previous Post

Privacy Law Discussions: Who’s Leading The Way?

Next Post

Boosting SR 14-1 and IFRS 16 Compliance

Scott Goolik

Scott Goolik is VP of Compliance and Security Services at Symmetry. A recognized expert in the field of SAP security and compliance, Scott has over 20 years of expertise in SAP security and is a regular presenter at SAP industry trade shows and ASUG events.

Related Posts

hand holding multicolored balloons outside

Happy Data Privacy Day!

January 28, 2021
dollar bill, stimulus check, american flag

FCA Compliance in an Era of Unprecedented Government Stimulus

January 28, 2021
open padlock on red binary background

Mitigating Legal and Reputational Risk Post-Ransomware

January 28, 2021
invisible man in black on neutral background

The Curious Absence of Corporate Monitors

January 27, 2021
Next Post
reflection of digital screen on closeup of eye

Boosting SR 14-1 and IFRS 16 Compliance

Access realtime data
Dynamic Risk Assessments with Workiva

Special Coverage

Special COVID page graphic

Jump to a Topic:

anti-corruption anti-money laundering/AML Artificial Intelligence/A.I. automation banks board of directors board risk oversight bribery CCPA/California Consumer Privacy Act Cloud Compliance communications management Coronavirus/COVID-19 corporate culture crisis management cyber crime cyber risk data analytics data breach data governance decision-making diversity DOJ due diligence fcpa enforcement actions financial crime GDPR GRC HIPAA information security KYC/know your customer machine learning monitoring ransomware regtech reputation risk risk assessment Sanctions SEC social media risk supply chain technology third party risk management tone at the top training whistleblowing
No Result
View All Result

Privacy Policy

Follow Us

  • Facebook
  • Twitter
  • LinkedIn
  • RSS Feed

Category

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Whitepapers

© 2019 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
  • Articles
  • Vendor News
  • Podcasts
  • Videos
  • Whitepapers
  • eBooks
  • Events
  • Jobs
  • Subscribe

© 2019 Corporate Compliance Insights