No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Governance

GRC Priorities for 2016: Getting Convergence Right

by Scott Wisniewski
February 5, 2016
in Governance
GRC Priorities for 2016: Getting Convergence Right

Even as the governance, risk and compliance (GRC) industry focuses on convergence as a way to simplify, enhance and accelerate GRC programs, it is essential that GRC stakeholders acquire the ability to manage unique workflows and adapt to relevant changes in technology, regulations and business profiles.

Considerations

Here are three key considerations organizations should keep in mind as they approach convergence this year:

Organization risk management needs to be more agile.

One of the dominant GRC themes we see is the need to manage risk with greater agility. Increased regulatory expectations and the ongoing emergence of new risks represent a new, permanent operating paradigm. For many organizations, the status quo approach has been to adapt by expending significant time, money and resources to implement individual solutions that make limited use of information from other assurance functions and do not feed into a more holistic risk picture.

A better approach – an agile approach – is flexible and nimble enough to respond to the changing environment effectively and efficiently, before evolving risks can have a major impact on customers, shareholders and employees. By aligning the organization and enabling informed executive decisions, agile risk management will enable successful anticipation and response to a rapidly-changing environment, resulting in greater operational excellence and customer satisfaction.

Fundamental to creating an agile risk management framework is implementing technology and processes that create a unified operating model for business management and risk management, with clear first-, second- and third-line of defense accountability.

Organizations will more aggressively pursue GRC convergence, but in doing so, they must not forget the basics with regard to people, processes and technology.

According to the fashion idiom “everything old is new again,” fashions go out of style, then come back with a modern twist. In 2016, organizations will need to refocus on the basics of people, processes and technology. In a world in which rapidly released whiz-bang technologies promise to solve all problems, too many companies tend to buy a new technology before they have created an adequate GRC framework that addresses these foundational elements of the business. This has to be a framework that takes into account the needs of all stakeholders, that anticipates the end state of the business processes they want to support and that can grow and adapt as their risk profile changes.

The good news is that modern GRC applications are far more extensible and configurable than they used to be, such that organizations’ integrated GRC frameworks can be supported by a number of platforms. But it is imperative that this not be taken as a license to “put the cart before the horse” and take a technology-first approach.

To implement new technologies successfully, organizations need to get back to first looking across the five other key elements of their GRC infrastructures: the organization of the business, the policies that need to be implemented, the processes that need to be supported, the methodologies to be used and the reporting requirements. Once this is done, the right technology can be implemented to ensure an agile, scalable environment that effectively supports the organization’s changing needs.

Organizations are well served to leverage existing infrastructure as part of their convergence strategy.

To respond to risk with agility, organizations need a harmonized GRC framework that allows for differences among stakeholders. They also need a foundational technology architecture that supports bringing different stakeholder groups together to share GRC process information – while allowing differences to exist and providing key capabilities that relate to a particular domain.

To achieve this, organizations – and the GRC industry in general – need to realize there is no one-size-fits-all solution. And while it’s important to converge GRC activities as much as possible when there is true synergy, most organizations will need to continue to rely on different existing systems that meet their particular needs. As a result, GRC committees tasked with coordinating multidisciplinary efforts will be well served to consider elements of their existing infrastructure that can provide an overlay of workflow and reporting that allows different systems to complement each other and enable holistic management dashboards.

For example, findings and actions management is a good example of where synergy and differences may exist across stakeholders. Whereas individual assurance functions typically have a need to log issues in their specific documentation system, these issues may be promoted to an enterprise issue management system – such as a centrally designated GRC platform or SharePoint – to provide business owners with a single place for acting upon their assigned issues.

Yes, convergence will be a key GRC theme in 2016, but it is essential for organizations to take a smart approach to convergence in order to increase agility and drive down costs while ensuring that all GRC stakeholders will have the workflow and reporting solutions they need.


Tags: financial statements
Previous Post

The Modern Slavery Act: Supply Chain Risk Management

Next Post

Technological Fraud in Cycling and the Myth of the Rogue Employee

Scott Wisniewski

Scott Wisniewski

Scott Wisniewski is a managing director in the Risk Technology Solutions practice at Protiviti, a global consulting firm. He is responsible for implementing technology solutions that help companies define, communicate, and monitor governance, risk and compliance activities across the enterprise. He is focused on helping clients adopt best-of-breed technology approaches that appropriately utilize off-the-shelf software while leveraging elements of their existing IT infrastructure to accelerate business process enablement. He also leads development of Protiviti’s proprietary technology, with a core focus on helping clients implement multidisciplinary GRC programs.

Related Posts

integrated governance, risk management, and compliance solutions have numerous benefits

Clean House, Better Business

by Sam Abadir
June 9, 2016

Sam Abadir, Director of Product Management at LockPath, discusses how a holistic approach to governance, risk management and compliance (GRC)...

Then and Now: How Tech is Shaping the Audit

Then and Now: How Tech is Shaping the Audit

by Beth Paul
January 8, 2016

Advancements in technology have impacted nearly every corner of the world – the audit is no exception. Technological shifts have...

Seeing Is Believing: The Powerful Potential Video Brings to Compliance (Part 2)

Seeing Is Believing: The Powerful Potential Video Brings to Compliance (Part 2)

by Bob Paulsen
January 5, 2015

We live in an increasingly mobile world, and with much of the workforce continually on the go, training solutions that...

Seeing Is Believing: The Powerful Potential Video Brings to Compliance (Part 1)

Seeing Is Believing: The Powerful Potential Video Brings to Compliance (Part 1)

by Bob Paulsen
December 18, 2014

Effective change management and effective compliance don't have to be mutually exclusive terms, though the concepts are often viewed as...

Next Post
Technological Fraud in Cycling and the Myth of the Rogue Employee

Technological Fraud in Cycling and the Myth of the Rogue Employee

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Code of Conduct Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT