Why Mobility In Governance, Risk And Compliance Is A Must-Have Element In Organisations

What are the advantages of mobilising your governance, risk and compliance applications? Our partners at MetricStream put together an excellent post on how combining robust analytics with mobility can take the effectiveness of your GRC program to next level. This post originally appeared on the MetricStream blog and was published here with permission.

In a world where business is not confined to one office or even a specific geography, and where important business decisions oftentimes have to be made on-the-go, mobile devices are no longer viewed as a ‘nice to have’ element in organisations. Mobility has rapidly become a ‘must have’, as executives who lead teams and make important decisions are expected to collaborate, analyse, and lead their teams from wherever they are in the world.

It’s important to understand the pace at which mobile technology is evolving and transforming business, and whether your business is taking full advantage of the value and benefits that mobility offers. Incorporating mobility into your business strategies will not only help accelerate the manner in which business activities are carried out, but will also help to simplify and streamline end-to-end business processes.

Governance, Risk Management, and Compliance (GRC) solutions are no exception here. GRC has become an essential business application in organisations large and small, who are looking to gain a better understanding of their business in the context of today’s evolving risk landscape, where regulatory requirements are becoming more stringent, and corporate governance is in the spotlight. In this current business context, mobile GRC applications support productivity and real-time analysis and decision-making.

One industry where we are seeing increasing interest and adoption of mobile GRC applications is within the Government and Federal sector. The ability to understand, engage and communicate with constituents around the world in real time, as well as ensure a tighter top down and bottom up governance process can be done easily and effectively with mobile GRC applications.

Implementing Mobility for GRC

If your organisation or business unit is looking to reap the benefits of mobility in GRC, here are some areas to keep in mind:

Identifying Business Processes and Workflows: An organisation or a business unit has to determine which workflows and business processes can be mobilised. Many activities like conducting surveys, carrying out audit activities, or triaging customer complaints or issues are easy areas to start with. You can also assess this from the lens of productivity, i.e. identifying the workflows or situations in which decision making is slow due to the decision maker not being on premise or at his or her desktop.

Identifying the Right Use Cases: The organisation or the business unit needs to identify the use cases that can be mobilised. Obviously, you won’t put your entire desktop on a mobile application. Effectively selecting the right use cases is an important first step in the broader mobility implementation effort.

Number of Users: An important question to ask yourself, is how many users need to have access to organisational information and processes on their mobile device? Mobility efforts can be implemented in a phased approach, for example, you can start with 30% of the overall user base in the first phase. This can give your IT and other project teams more time and bandwidth to implement the mobile solution most efficiently and effectively.

Demonstrate ROI on your Use Case: Capturing and reporting out on the ROI is important for demonstrating value. This also helps in supporting future decisions about the capacity and scale at which additional solutions need to be implemented.

Type of Devices: This has a heavy bearing on the technology infrastructure that is to be used as well as the overall setup. Whether or not iOS / Android / Windows Mobile needs to be supported is an important decision that must be made upfront, as the solution, cost and approach of the app delivery will vary considerably.

Security Versus Usability: This is one of the most important things to take focus on. Whether you implement BYOD (Bring Your Own Device) or COPE (Corporate Owned Personally Enabled), each will have an impact on how the security model has to be built for mobile applications, as well as the data backup mechanisms. Also, deciding on which MDM tools and the integration with them is an important consideration,

Business users typically don’t like the intrusive nature of implementing security processes on the mobile applications. There is always a fine line between applications that are ‘user friendly’ versus applications that are ‘secured’. Building in the right level of security, as per the company policy regarding mobile applications and infrastructure, is very important.

Mobility solutions for the GRC space typically include the following features:

1. People on the move should get the right notifications at the right time across various touch points

2. Approval of accesses / deviations / buying decisions through a single platform

3. Identified risks, with priority ranking, and real time status

4. Dashboard of current issues and their status across all GRC apps, supported with the right GRC metrics

5. Modules which help Auditors do inspections and field work offline, without Internet access or connectivity

6. Location enabled audit and survey apps, which simplify the process of capturing video or photo content and uploading to the application for analysis

7. Access to right set of supporting documents for decision-making

8. Facilitating whistle blowing and reporting of issues

Conclusion

Combining robust analytics with mobility can take the effectiveness of your GRC program to next level. Having the right data, and then being able to act and make decisions in a more timely manner can empower decision makers, thereby increasing their effectiveness.

In conclusion, by mobilising GRC applications, you can help transform the effectiveness of how risks are being identified and managed. Reduction in the time taken to make better decisions while also on the move, the availability of critical data in real-time and more effective compliance activities will ultimately result in increasing your organisation’s bottom line. If you have not already mobilised your GRC program then it’s time to think about how you can play a role in making GRC truly pervasive across your organisation!