No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Compliance

Reassessing the GRC Industry Outlook Well Into 2020

COVID, Digital Transformation Heighten the Importance of GRC

by Matt Kunkel
September 23, 2020
in Compliance, Featured
black binoculars on yellow background

With normal, day-to-day business processes interrupted and organizations increasingly adopting cloud infrastructure services, the GRC landscape is rapidly changing. LogicGate CEO Matt Kunkel offers predictions based on changes he’s seen within risk and compliance management this year.

Things in governance, risk, and compliance (GRC) change really quickly. And if you throw in the fact that normal, day-to-day business practices have been disrupted as a result of the pandemic, our compliance and risk mitigation processes have been drastically altered since the start of the year.

With this new environment, businesses have been forced to compress their digital transformation timelines, producing an uptick in cloud-based investments. According to Synergy Research Group, through the first quarter of 2020, corporate spending on cloud infrastructure services reached $29 billion, a 37 percent increase over the same quarter last year.

Increased demand for cloud services and emphasis on digital transformation initiatives throughout the first and second quarters of the year not only heighten the importance of GRC now, but also as we look toward Q4 2020 and beyond. The outlook of the entire governance, risk and compliance industry has changed. C-suite executives and GRC professionals alike need to understand the new requirements, best practices and paradigm set before us.

With all that is happening within the GRC space, transforming entire business structures and functions, it’s best to reassess predictions and where we are as an industry.

Managing a Spiderweb of Third-Party Vendors

The rise of the cloud has led to the emergence of more third-party vendors and outsourcing of non-core business functions. How does this impact the future of risk?

According to estimates, up to 50 percent of a large organization’s total workforce is outsourced, and in 2019, the global outsourcing market amounted to $92.5 billion. Furthermore, industries with high-risk potential and more nuanced compliance mandates, such as health care, are no different. According to Transparency Market Research, health care IT outsourcing, by itself, is expected to reach $61.2 billion by 2023.

While utilizing third-party vendors allows businesses to focus on core functions and is incredibly beneficial to bottom lines, it also raises many privacy and security concerns. As third-party networks expand, those vendors have third parties of their own, creating a complex spiderweb of programs and data.

And with consumer data privacy legislation like CCPA and CPRA on the rise, CEOs and other C-suite executives need to get in front of risk mitigation processes and security concerns. They can no longer afford to be reactionary; they must be proactive.

In order to securely manage third-, fourth- and even fifth-party vendors, more organizations will look to partner with GRC cloud solutions with the capacity to screen potential partners against lists of high-risk individuals or entities and offer risk-scoring metrics, ongoing compliance assessments and escalation frameworks.

Risk-Monitoring Analytics

As more companies invest in quantifying and benchmarking risk, robust risk-monitoring analytics will soon become the most important aspect of GRC processes.

In order for businesses to simultaneously scale and grow during this time, they need to turn risk into opportunity. Because GRC is constantly changing, the ability to measure mitigation and vulnerability via metrics and data gives an organization a 360-degree view of its risk profile. Thus, the ability to more easily identify the interconnectivity of various GRC processes enables organizations to make more informed, strategic decisions.

In the future, it’ll be easier for risk managers to identify, define, gather and process risk data according to the company’s risk tolerance, making it easier to assign financial value. With assigned financial values, it’ll also be easier to communicate risk opportunities with the board, C-suite executives and other departments.

Quantitative data yields a more straightforward, specific approach to risk scoring. Similar to assigning dollars and cents to risk opportunity, managers can eventually determine the probability of risk within organizational activities and, subsequently, the amount of money at risk. Ultimately, GRC analytics have the ability to change much more than just GRC processes, as it can scale entire enterprise-level businesses.

RPA: The Future of GRC

There’s certainly a variety of different automated processes that SaaS solutions, digital transformation initiatives and management platforms can utilize: AI, machine learning and robotic process automation (RPA) to name a few. But, within GRC, RPA is the future.

RPA works so well because of the many risk and compliance functions that follow a formal process. There’s a much clearer path to automate those steps as companies put more and more data through specific processes. As a result, RPA gives businesses the fortitude to make smarter decisions more quickly while also freeing talent from tedious, mind-numbing manual tasks and allowing them to take on more strategic, complex work.

That being said, not all companies looking to implement RPA within their GRC processes are ripe for success. The P (process) in RPA determines organizational progress and improvement.

RPA is a force multiplier, meaning it’ll enhance good processes and make them better, but it will make bad processes even worse. So, it’s vital for companies to have refined workflows before turning to technology to keep GRC momentum. In order to drive top-line revenue growth, businesses must have a culture of risk and compliance already in place, with great emphasis from all levels of organizational structure, top to bottom.

GRC Becomes About Revenue Generation, Not Just Asset Protection

Many view risk as revenue protection; especially CEOs and board members. But, if leveraged properly, risk can be a major revenue driver for businesses.

Companies need to devise proper GRC processes that reflect modern-day risk management practices, like risk-scoring and predictive analytics. With these reporting capabilities constantly monitoring up-to-date companywide initiatives and holistic, customizable visualizations, risk managers and CISOs can provide CEOs and other C-suite executives with valuable information. This information includes quantifiable, digestible insights and data transforming all departments – not just finance or legal, the functions most traditionally associated with risk. They can then identify and respond to the most pressing concerns affecting the health of their organizational structure, internally and externally, and better predict the outcomes of business decisions.

For example, risk managers and a cloud-based GRC platform can quantify, in terms of percentages and dollars and cents, the risk and payoff associated with entering a new market or vertical, even in a more tightly regulated industry, like health care or finance.

Businesses need to remember: Risk isn’t a bad thing. Companies are built and scaled based on taking big, strategic risks.

With companies executing digital transformation initiatives earlier than anticipated and, in some cases, rushing implementation processes, they’re exposing themselves to greater risk and compliance concerns. As a result, the importance and presence of GRC will only continue to grow. Yet, within an ever-changing landscape, risk and compliance managers and C-suite executives need to reassess internal processes and, in the case of third-party risk evaluation, external processes.


Tags: Cloud ComplianceCOVID-19Robotic Process Automation (RPA)
Previous Post

IBM Brings Risk Analytics to Security Decision Making

Next Post

Is Your Company Future Ready?

Matt Kunkel

Matt Kunkel

Matt Kunkel is Co-Founder and CEO of LogicGate. Prior to LogicGate, he spent over a decade in the management consulting space, building technology solutions to operationalize regulatory, risk and compliance programs for Fortune 100 companies. It was during this time he learned the skills to realize his true calling: building world-class companies that meaningfully affect the lives of others through user-friendly technology. Given his extensive background in the GRC space, Matt regularly speaks and consults on risk and compliance topics. Recently, he was named an Ernst & Young finalist for the Entrepreneur of the Year® 2020 Midwest Award.

Related Posts

uvalde crosses

Will 2023 Bring More ‘Permacrisis’ Culture?

by Lisa Schor Babin
January 4, 2023

While 2022 had no shortage of chaotic events, ethics columnist Lisa Schor Babin shares her hopes for 2023 — and...

data spillage

Instead of Crying Over Spilled Data, Shore up Your Governance Practices

by Rich Hale
October 12, 2022

The reputational damage and compliance failures that result from a data spillage incident are well-known, and as the volume of...

amazon web services

Dark Clouds: Capital One Proves Financial Institutions Can’t Rely on Providers for Security

by Michael Volkov
September 7, 2022

Going by the online handle “erratic,” a former Amazon software engineer conducted an extensive hacking scheme that gave her access...

Hidden Threat? They Know There’s a Problem, But Companies Are Still Failing to Intercept Real-World Dangers

Hidden Threat? They Know There’s a Problem, But Companies Are Still Failing to Intercept Real-World Dangers

by Staff and Wire Reports
August 17, 2022

From climate change to the Covid-19 pandemic to hateful political rhetoric — modern society poses risks not only to the...

Next Post
woman holding card that reads "be prepared"

Is Your Company Future Ready?

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Code of Conduct Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT