How to address the increased cost of Risk & Compliance by working smarter.
Many companies have an increased cost of Risk & Compliance activities as requirements from regulators and society in general has exploded.
No company wants to be the next “bad guy” in the media with a negative story whether is true or false. The preferred solution has been to hire a lot of Compliance professionals and to implement a lot of manual checks and internal policies for the employees to follow.
We believe that it is time to address this challenge differently, by working in a more structured and automated way.
Today there are multiple suppliers on the market offering great solution to implement structure and automation in your compliance work. These systems are in popular terms called Governance, Risk & Compliance tools (GRC tools), however the terms are not really expressing what they offer as the entire business will get even more benefit from these tools than the Risk & Compliance functions.
Governance, risk and compliance technology is defined as the IT systems that support and/ or enable the business and (embedded) GRC processes.
Great opportunities with system supported Governance, Risk & Compliance
When we work with our customers we see different business units within the same organization have adopted their own ways of working and adopted/developed their own systems to support this.
E.g. we see many clients where standard operating procedures are stored and adjusted locally. Some are documented in PowerPoint other using Word or even a third format. Same goes for visual process descriptions, where we normally see Visio, Excel, process modelling tools or sometimes no process descriptions exist. Another example is internal controls description. Sometimes there is a description of the designed control and a clear description on how to document the performance of the control activities, sometimes there is not, making it rather difficult to get a full picture of the control environment.
Using a system to support some of the above activities, will help to in having a single platform where you can find all relevant information, when it comes to steering and controlling your company. The examples above are just a few, there are numerous examples of areas where a system can support you to increase effectiveness. Below is an overview of areas where a GRC tool can support you, it is not an exhaustive list as there are other areas as well to include.
There are a lot of GRC system vendors on the market. It is therefore vital to ensure you pick the ones that meets your requirements in the best way. When prioritize your time in the different phases in such a project, ensure that the planning phase is where you spent the most. This is the phase where you decide what you want to accomplish by implementing the GRC system, this could be one or more of the following:
Once you have decided on the purpose and your must have functionality it is time to screen the market for vendors and assess their solution. You will then have a ranking of solutions where some score better than others. In this way your final decision on choosing a vendor is based on solid data. It is absolutely key that you invite the vendors for live demo-sessions to see what they can deliver out of the box to your organization and to get an understanding of what you need to customize.
We are here to support your journey
We have extensive experience in both selecting and implementing GRC systems and therefore do not hesitate to contact us if you want to hear more or need some inspiration to get started.
Written by Simon Rath