Corporate Compliance Insights

“Gone are the Days of Rigid Lines of Defense”

by Gaurav Kapoor
July 17, 2018
in Featured, Internal Audit, Risk

Key Insights and Trends from the MetricStream GRC Summit 2018

MetricStream’s 2018 Summit in Baltimore saw several hundred business executives, government leaders, GRC practitioners and industry analysts gather to talk GDPR, strategies and solutions for building better governed, more compliant organizations and more. Gaurav Kapoor, MetricStream’s Chief Operating Officer, shines a spotlight on some of the event’s key takeaways.

From June 3-6, several hundred business executives, government leaders, GRC practitioners, and industry analysts gathered at the GRC Summit 2018 in Baltimore to put forward strategies and solutions toward building better governed, more risk-aware and compliant organizations. We were privileged to listen to some of the best minds in business and government as they discussed how enterprises can effectively preserve their corporate integrity, protect their reputations and drive exceptional performance through GRC.

Here are some of the key trends and takeaways from the summit:

GRC as a Business Performance Driver

One of the recurring themes at the event was the shift in GRC from assurance function to business performance enabler. Advanced analytics and automation have enabled GRC professionals to play a more strategic role as partners to the business, empowering management teams and boards with critical intelligence to guide decision-making.

GRC is also increasingly being linked to top-line performance. For instance, companies are beginning to negotiate with their suppliers and vendors based on quality, risk and performance scores derived from their third-party governance programs.

On the cost side, there’s a big move toward optimizing business spend by rationalizing GRC programs across the lines of defense. Redundancies are being eliminated as the third line starts to leverage more of what is being done by compliance and risk functions, as well as the first line.

“We’re All in This Together:” Breaking Down Barriers Between the Lines of Defense

GRC doesn’t just happen in the second or third lines of defense – it really takes place at the first line, because that’s where the risk is, noted a CXO panel[1] at the summit. But even as risk responsibilities and ownership are pushed down to the front lines, there needs to be greater collaboration and dialogue across all the lines of defense.

Gone are the days of “checkers checking the checkers checking the checkers.” With greater audit fatigue and more lines of defense emerging, organizations must build a sense of partnership and cooperation where risk, compliance and assurance functions, as well as business units, work together toward creating common taxonomies, addressing key risks and issues and essentially moving away from a tick-box mentality toward one that is focused on the larger picture of business performance. That is key to creating a successful GRC program.

Turning GRC into a Profit Center through AI

While there has been a certain amount of trepidation around artificial intelligence (AI), many of the speakers at the summit argued for AI’s potential in amplifying the value of GRC functions and perhaps even turning these entities into profit centers.

Renee Murphy, Principal Analyst at Forrester Research, used the example of internal audit as she talked about how AI has the potential to alleviate audit paperwork by automatically pulling together and validating data from various systems of record (e.g., firewall logs). Internal auditors are arguably the people in the organization who know the most about the company, she noted. With AI, they can really begin lending themselves to more strategic conversations, rather than spending most of their time manually gathering evidence.

Janardhan Cadambi, EVP of Transformation, Risk and Operations (LFI) at MasterCard, took the conversation further as he talked about how AI’s value can be understood in terms of “the 3Ds:” the ability to process huge volumes of data in a dynamic manner to make informed, practical decisions. The 3Ds, in turn, are achieved with the help of the 3Is: information processing, intelligence and insights. Together, they lead to the 3Ps: enabling organizations to preserve the integrity of their data across transactions, protect against cybersecurity and other data-related risks and, finally, find new ways of strengthening performance and customer satisfaction.

Avoiding the Normalization of Deviance

Keynote speaker Maj. Gen. Charles Bolden, Jr., Retired United States Marine Corps Major General and Former NASA Administrator and Astronaut, brought up the risk of “the normalization of deviance” – noticing that something in the enterprise isn’t quite right, but overlooking it because it hasn’t caused any trouble yet.

Over the last year, we’ve seen what happens when deviance is normalized – when a violation of sexual harassment policies is overlooked, or when a critical IT vulnerability isn’t patched on time. What starts off as a small issue can quickly snowball into a catastrophic problem with financial and reputational consequences. Building a comprehensive culture of risk awareness, accountability and mitigation will be key to keeping these issues in check.

GDPR: Technology Can Make a Big Difference to Compliance

At the summit, MetricStream released the findings of its latest survey report, GDPR: Are Enterprises Ready to Protect Personal Data? The majority of the respondents (55 percent) reported that they did not expect to make the May 25 GDPR compliance deadline. What’s more, less than 40 percent of the respondents indicated that their enterprises were prepared or fully prepared to manage complaints or inquiries around complex GDPR data subject rights such as the right to erasure, the right to restrict processing and the right to data portability.

Technology, however, appears to make a difference to compliance success. Fifty-three percent of the respondents who had implemented GRC solutions reported that they would be GDPR compliant by the May 25 deadline. Moreover, 70 percent of the respondents using GRC solutions indicated being either confident or highly confident that their data protection program would stand up to legal scrutiny by regulators and courts.

Better Cybersecurity through Better Collaboration and Consolidation

Many participants and speakers at the summit talked about cybersecurity risk as their number one business risk. Compounding the challenge are a growing cyberattack surface, rapidly evolving cyber threats and inconsistencies in cyber risk reporting and communication.

Having said that, significant progress is being made toward overcoming these challenges. Mark Kneidinger, Director of Cybersecurity & Communication, Federal Resilience at the Department of Homeland Security (DHS), talked about how federal agencies are reducing their attack surface by consolidating networks and using shared services. Risks are being communicated more effectively to management teams using common risk taxonomies developed with the help of the NIST cybersecurity framework. And finally, through greater collaboration and exchange of data between federal agencies as well as the private sector, there is better awareness and readiness for emerging risks and threats.

Performing with Integrity

MetricStream CEO Mikael Hagstroem talked extensively about trust and integrity being the bedrock of business success, particularly in a digital world without secrets. Everything organizations do today is under continuous scrutiny, not just from regulators and stakeholders, but also from a larger, hyperconnected society where people have tremendous computing and communication power at their fingertips.

In this world, businesses are judged and measured not only against financial metrics, but also — and perhaps more so — against how effectively they are able to meet social expectations of corporate behavior. As they rise to meet this demand, the role of GRC will be to not only manage known risks or monitor compliance with regulations, but also help organizations cultivate a culture of trust and integrity as the foundation on which they build satisfied clients, engaged workforces and successful brands.

To know more about the GRC Summit, visit https://www.grc-summit.com/us/2018/

[1] The CXO panel featured John Beeler, EVP, Chief Compliance Officer, Salesforce; Doug Watt, Chief Audit Executive, Fannie Mae; Eileen Fahey, Chief Risk Officer, Fitch Ratings; and Steve Rampado, Partner, Deloitte & Touche LLP. Moderated by Gaurav Kapoor, COO, MetricStream.



Gaurav Kapoor


Gaurav Kapoor is co-CEO and co-founder of MetricStream. He has also served as chief operating officer with responsibility for the overall strategy, marketing, sales, partners, customer success, services and support. Prior to that, he served as chief financial officer of MetricStream until 2010. He has nearly a decade of international operating experience with Citi and other organizations. He has been serving as an adviser and on the board of other Silicon Valley tech companies.


Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 
