Limiting an organization’s exposure to risk has long been a challenge for both IT and finance departments. From IT’s perspective, technology is designed to protect data and assets from internal and external threats, while finance ensures that a company remains financially viable and compliant.
This joint dynamic plays into the daily routine of executives who are directly responsible for governance, risk and compliance (GRC) within their organizations. New technologies, regulations and potential liabilities seem to arise daily and these executives must mitigate all the risks involved.
A newly released GRC survey, conducted by SAP and Loudhouse Research, discovered that many companies are not satisfied with their tools to meet GRC regulations. According to the report, only 46 percent of GRC data that an organization has access to is effectively captured and used to support strategic goals, and nearly half (48 percent) of organizations have not reviewed their GRC processes or technologies for at least three years.
The lack of visibility has created a broader sense of dissatisfaction among executives with their GRC tools. According to the research, only 10 percent of the over 1,000 finance executives interviewed claimed they were content with the technologies and processes they have in place. Similarly, only 1 in 10 believed that their company was at a stage where GRC was satisfactorily embedded across the organization, with managers sharing a balanced view and common metrics across all projects and processes.
With the help of SAP’s Henner Schliebs, IT Business Edge examines how GRC professionals can make the case for greater support and assistance, in order to drive more value to the business and mitigate risk.
Making the Case for GRC
Make a case for the strategic value of GRC.
While senior-level decision makers can get lost in the regulatory and technical nuances of GRC, the function is vital for every employee within a company. With most respondents of the survey citing lack of support as a leading cause for poor GRC tools and technology, pushing the right people for an overhaul is a huge part of winning the battle. Supporting evidence will help with this effort: until a tangible case for the value of robust GRC processes and tools is made, GRC is in danger of being neglected.
Make a decision about who’s responsible.
Organizations must have a single person or entity responsible for GRC tools in order to ensure accountability. This person must be prepared to be the point person for questions regarding the GRC function. As many executives understand, accountability leads to action and progress.
Seek a holistic, future-proof solution.
To satisfy future ambitions, consider architecture that will allow GRC to integrate with other business functions. A solution should be end-to-end and fully integrate with finance and other operational processes. This will allow GRC to scale and map to the brand as it evolves.
Drive cultural change.
At every level of the business, GRC awareness and understanding should be a top priority. GRC should become a fundamental part of business processes and thinking, which means educating employees about the dangers that can arise when it is not handled correctly. Every data breach, new regulation or industry mandate offers an opportunity to inform the broader employee base about its far-reaching ramifications.
Do it now.
It is important that companies react swiftly and proactively to regulatory pressures. As industries evolve and mature, having an efficient and integrated GRC function that eases this pressure is fast becoming a competitive advantage. On the other hand, a lack of GRC maturity isn’t only inefficient, it’s dangerous. There’s a good chance that if your business isn’t far ahead with GRC, it’s already falling behind.