GRC of the future

May 22, 2019

GRC creates security and opportunities for businesses by supporting the management and management of the business in a good way. To be able to live with an acceptable level of risk, GRC ensures that risks are identified, assessed and managed. In addition, GRC creates an environment where different regulations, both external or internal, can be followed and complied with.

For many businesses, digitization facilitates increased value creation and innovation in addition to renewed, simplified and automated business processes. GRC is an important building block for the success of digitization, but in many cases the GRC is not always included in the digitization journey. Why not? For many businesses, the GRC is seen as an inertia that slows down and prevents the new agile working methods that support and enable digitization. This can lead to the development and continuous improvement of digital products and services that are vulnerable to new risks and threats, are exposed to quality issues, and do not comply with new and existing regulatory requirements (such as PSD2, IDD, GDPR, Security Law, ICT Regulations, and more).

In order to realize their digital ambitions and digital gains, the company’s management processes, risk processes and compliance should be digitized. In addition, the GRC should play a central role in the digitization work. This can be achieved through an approach called TG for the GRC of the future.

GRC of the future – security and opportunities in the digital world

The GRC of the future brings a digital approach to the GRC work by creating security and opportunities for organizations in the digital world. There are two different ways to digitize the GRC and the approach that is most relevant depends on the business’s digital ambitions. The first approach is to digitize one or more of the GRC processes. This is about using analytical / LEAN thinking and digital technologies (such as robotization) to streamline and automate management processes, risk processes and compliance. Digitizing GRC processes promotes innovation, quality and other digital gains by speeding up, smoother, and dynamic GRC processes. To succeed in digitization, GRC should be part of the digitization journey and another way of digitizing the GRC is to use it as a tool for digitization work. This approach applies to the digitization of the entire business or part of it, and is based on a comprehensive approach to GRC that transcends the entire organization, processes, applications, data and technologies of the enterprise. The approach significantly increases the likelihood of succeeding in digitization and can secure the benefits expected from digitization.

6 principles for the future GRC that supports the digitization journey

The GRC of the future requires the establishment and introduction of several basic principles for GRC that make GRC fast, flexible and dynamic in the digital context. The principles are described below:

  1. GRC is integrated into the digitization strategy and the company’s target images. This principle requires GRC to be an integral part of the digitization strategy and target images, and is embedded in the corporate governance processes for digital management. Important focus areas include strategy and innovation, management and management, customer focus, organization and culture, technology and information, as well as operating model and processes.
  2. Consumers, customers and employees are always in focus. By engaging the business’s consumers, customers and employees in the development of products and services, the business can form a precise picture of expectations and requirements. By mapping the customer experience and the customer experience, it can continuously identify what works well and less well with the product / service based on the user’s point of view and ensure continuous communication with the users throughout the product’s life cycle.
  3. Approach to GRC is holistic and coordinated across the business. This principle requires a common approach to digital governance carried out over the organization, process, applications, data and technology of the enterprise, coordinating the implementation of management processes, risk processes and compliance so that “GRC silos” can be avoided.
  4. Fast, smooth and dynamic approach to GRC. Digitization work requires a fast, flexible and dynamic working method, and it is important to use such an approach to the GRC work. This means that controls and measures must be incorporated into project management and management of change / change in such a way that control can still be carried out in a smooth and iterative manner. For example, in cases where Scrum / Kanban is used, information security measures must be integrated with these methods, so that the measures are also implemented in an even and iterative manner.
  5. The GRC processes are digitized. With this principle, the goal is to streamline and automate one or more of the company’s GRC processes using LEAN thinking, “reg-tech”, robotization technology and other digital technologies. This includes the processes for monitoring the control environment (“compliance dashboard”), establishing objectives and measuring parameters for implemented measures, incident management, risk assessment, handling of nonconformities, collecting and processing of compliance data, implementation of internal controls and measures and measuring the effect of the measures. (e.g., measurement of behavior and other control tests). Which processes should be digitized depends on the company’s digital ambitions.
  6. New digital risks and opportunities are proactively managed to support strategic goals. Digitization unlocks new opportunities but can also lead to new threats and risks. It is therefore important to establish a comprehensive approach to risk management that takes into account the current and future threats and risks. This approach should take into account business practices such as integrating risk assessment and management with agile project management and operation / change approaches. When it comes to the opportunity picture, “new startup” texting can be used to quickly test and pilot new ideas, opportunities and products / services.


GRC is an important prerequisite for the success of digitization, but is not always included in the digitization journey. In order to realize their digital ambitions, the company’s GRC processes should be digitized and the GRC should play a central role in the digitization work. This can be achieved through an approach called TG for the GRC of the future. Depending on the company’s digital ambitions, one or more of the company’s GRC processes should be digitized. The GRC of the future can also be used as a tool to succeed in digitization, where the entire business or parts of the business can be digitized. Six basic principles for the future GRC ensure that the business can succeed with GRC in a digital context. The principles include integrating the GRC into the digitization strategy, setting the focus of consumers, customers and employees, a coherent and coordinated approach to the GRC, using a fast, agile and dynamic approach to the GRC, digitizing the GRC processes, and continuously identifying and managing new digital risks and opportunities.

Author: Martin Guy Williams

Related news