GRC Now Driven By Risk Management, Compliance Passé

Compliance is no longer the driving force behind Governance, Risk and Compliance (GRC), in fact according to a recent MetricStream survey, 70% of respondents said they embraced GRC primarily for risk management. In this post MetricStream explores the reasons behind the increasing focus on risk management and how technology can help companies build a streamlined and transparent GRC infrastructure. This post originally appeared on the MetricStream blog and was published here with permission.

The bankruptcy at Enron is undoubtedly one of the biggest examples of accounting frauds in corporate history, not just in America, but in the world. The Enron scam also proved a point that’s often understood well but ignored! It drove the point that a well-written Code of Conduct or Compliance Program Manual does not constitute an effective compliance program. Enron had a strong Code of Conduct, at least on paper, but all of that did not prevent the massive fall of the energy company.

The modern CIO finally seems to have come to terms with reality. If you think compliance is what drives the modern-day CIO towards Governance, Risk and Compliance (GRC), think again. For, GRC is maturing and evolving. Fast, pretty fast. While CIOs today are convinced of the importance of GRC, the rationale for investing in GRC has moved from compliance to risk management. Compliance has become a given.

In a recent MetricStream survey, 70% of the respondents said they embraced GRC to improve their company’s risk oversight. Others factors like cyber security, third party compliance and regulatory compliance of course are part of the drivers but they have become secondary to risk management.

So, what is risk management and what makes it complicated? The Financial Times lexicon defines Risk management as “The process of identifying, quantifying, and managing the risks that an organisation faces. As the outcomes of business activities are uncertain, they are said to have some element of risk.” What makes it complicated can be a couple of factors, but Mobility is currently ‘the’ factor contributing most to a company’s risk quotient. Mobility has moved beyond tablets and smartphones. Today, data itself is mobile. A CIO of one of the top banks said in a recent conversation with MetricStream: “I have 3,000 thousand apps on the cloud.” Now, that means data is everywhere, data is highly mobile.

To enable large-scale adoption, MetricStream, the market leader in GRC apps, is working on Pervasive GRC along with making GRC Simple. A truly unifying and Pervasive GRC technology can help organisations build a centralised and transparent GRC ecosystem. It can support an enterprise-wide culture of GRC awareness and accountability by enabling and empowering each employee and business function to manage their risk and compliance responsibilities independently, while simultaneously rolling up data from across the enterprise to provide a complete top-level GRC perspective. As part of its Pervasive GRC strategy, MetricStream provides GRC capabilities that are pre-integrated with the customers’ apps.

Making GRC simple is at the heart of MetricStream. “Our aim is to ensure the GRC requirements of our customers are seamlessly met and integrated with their existing Salesforce or ERP solutions,” said French Caldwell, Chief Evangelist at MetricStream.

The future: To make GRC all pervasive and all inclusive, it will require technologies like advanced analytics and advanced monitoring capabilities which will offer seamless availability of risk and regulatory intelligence.