Corporate Compliance Insights

GRC Priorities for 2016: Getting Convergence Right

by Scott Wisniewski
February 5, 2016
in Governance

Even as the governance, risk and compliance (GRC) industry focuses on convergence as a way to simplify, enhance and accelerate GRC programs, it is essential that GRC stakeholders acquire the ability to manage unique workflows and adapt to relevant changes in technology, regulations and business profiles.

Considerations

Here are three key considerations organizations should keep in mind as they approach convergence this year:

Organization risk management needs to be more agile.

One of the dominant GRC themes we see is the need to manage risk with greater agility. Increased regulatory expectations and the ongoing emergence of new risks represent a new, permanent operating paradigm. For many organizations, the status quo approach has been to adapt by expending significant time, money and resources to implement individual solutions that make limited use of information from other assurance functions and do not feed into a more holistic risk picture.

A better approach – an agile approach – is flexible and nimble enough to respond to the changing environment effectively and efficiently, before evolving risks can have a major impact on customers, shareholders and employees. By aligning the organization and enabling informed executive decisions, agile risk management will allow the organization to anticipate and respond to a rapidly changing environment, resulting in greater operational excellence and customer satisfaction.

Fundamental to creating an agile risk management framework is implementing technology and processes that create a unified operating model for business management and risk management, with clear first-, second- and third-line of defense accountability.

Organizations will more aggressively pursue GRC convergence, but in doing so, they must not forget the basics with regard to people, processes and technology.

According to the fashion idiom “everything old is new again,” fashions go out of style, then come back with a modern twist. In 2016, organizations will need to refocus on the basics of people, processes and technology. In a world in which rapidly released whiz-bang technologies promise to solve all problems, too many companies tend to buy a new technology before they have created an adequate GRC framework that addresses these foundational elements of the business. This has to be a framework that takes into account the needs of all stakeholders, that anticipates the end state of the business processes they want to support and that can grow and adapt as their risk profile changes.

The good news is that modern GRC applications are far more extensible and configurable than they used to be, such that organizations’ integrated GRC frameworks can be supported by a number of platforms. But it is imperative that this not be taken as a license to “put the cart before the horse” and take a technology-first approach.

To implement new technologies successfully, organizations need to get back to first looking across the five other key elements of their GRC infrastructures: the organization of the business, the policies that need to be implemented, the processes that need to be supported, the methodologies to be used and the reporting requirements. Once this is done, the right technology can be implemented to ensure an agile, scalable environment that effectively supports the organization’s changing needs.

Organizations are well served to leverage existing infrastructure as part of their convergence strategy.

To respond to risk with agility, organizations need a harmonized GRC framework that allows for differences among stakeholders. They also need a foundational technology architecture that supports bringing different stakeholder groups together to share GRC process information – while allowing differences to exist and providing key capabilities that relate to a particular domain.

To achieve this, organizations – and the GRC industry in general – need to realize there is no one-size-fits-all solution. And while it’s important to converge GRC activities as much as possible when there is true synergy, most organizations will need to continue to rely on different existing systems that meet their particular needs. As a result, GRC committees tasked with coordinating multidisciplinary efforts will be well served to consider elements of their existing infrastructure that can provide an overlay of workflow and reporting that allows different systems to complement each other and enable holistic management dashboards.

Findings and actions management is a good example of where synergy and differences may exist across stakeholders. Whereas individual assurance functions typically need to log issues in their specific documentation system, these issues may be promoted to an enterprise issue management system – such as a centrally designated GRC platform or SharePoint – to provide business owners with a single place for acting upon their assigned issues.

Yes, convergence will be a key GRC theme in 2016, but it is essential for organizations to take a smart approach to convergence in order to increase agility and drive down costs while ensuring that all GRC stakeholders will have the workflow and reporting solutions they need.


Scott Wisniewski

Scott Wisniewski is a managing director in the Risk Technology Solutions practice at Protiviti, a global consulting firm. He is responsible for implementing technology solutions that help companies define, communicate, and monitor governance, risk and compliance activities across the enterprise. He is focused on helping clients adopt best-of-breed technology approaches that appropriately utilize off-the-shelf software while leveraging elements of their existing IT infrastructure to accelerate business process enablement. He also leads development of Protiviti’s proprietary technology, with a core focus on helping clients implement multidisciplinary GRC programs.

© 2019 Corporate Compliance Insights
