This year, organisations have weathered the regulatory uncertainties following the Brexit vote. In order to maintain business productivity and security during such times, enterprises – while waiting for clarification on which of the EU laws alongside GDPR will continue to be enforced once Brexit takes place – are increasingly turning to integrated governance, risk and compliance (GRC) programmes.
Over the next year, as more enterprises revolutionise their current GRC processes with integrated, cloud-first GRC software to ensure an entirely compliant organisation, we’re going to see the market and GRC programmes continue to evolve in a number of ways.
GRC becomes simpler and more pervasive
Organisations are increasingly realising that for GRC to be truly pervasive, the processes and tools that support it need to be as simple and intuitive as possible. It’s already happening with new generations of GRC software that create more personalised and responsive experiences than ever, and cloud-based GRC deployments that are faster and more efficient. Developers and partners are collaborating to build more GRC apps that can cover the whole spectrum of requirements, including IT risk management, third-party management, and even regulatory change management. All of it brings us closer to achieving pervasive GRC.
Fewer workflows, more intelligence
GRC is no longer just about checklists, apps, capabilities, or workflows. It’s about building a true system of intelligence that leverages technologies such as natural language processing and artificial intelligence to glean critical risk insights from massive volumes of data. Imagine being able to automatically cluster thousands of suppliers into different groups based on specific variables, and then within each cluster, determine the outliers such as the highest risk suppliers, enabling organisations to take action proactively. That’s where GRC is headed, building intelligence not only for GRC practitioners but for executives, CEOs, and boardrooms. Just as enterprise resource planning (ERP) became the backbone of the system of transactions, and customer relationship management (CRM) built the foundations for customer engagement, GRC will become the building blocks for the system of intelligence.
GRC extends beyond the four walls of the organisation
As companies strive to grow leaner and more focused on their core competencies, they are outsourcing more of their business functions to suppliers, vendors, and partners. But with these third parties comes a plethora of GRC issues. How can organisations manage a global ecosystem of suppliers? Can enterprises mitigate vendor risks before they impact the business? These are questions that GRC professionals are being called to answer. Today, when organisations think about audits, they must think about auditing their vendors as well. When they manage risks or compliance, they should manage the risk issues and regulations in their supply chains as well. The days of GRC residing exclusively within the four walls of the organisation are over.
A greater understanding of the value and power of the cloud
The cloud will continue to change the economics of software across the board, including GRC. Indeed, next-generation GRC cloud infrastructures are already being built around the latest technologies such as VMware and Docker, as well as Amazon’s AWS and the Google Cloud. The GRC cloud will go beyond a traditional multi-tenant architecture in which data is co-mingled, and instead adopt a multi-instance approach, meaning that customers will be able to fire up various GRC app instances in near real time, whether it’s an internal audit management app, an enterprise risk management app, or a third-party management app. More and more customers are deploying their GRC apps on the cloud, and companies are likely to follow suit as they focus on lowering costs and accelerating deployments.
Customers: the ultimate regulators
With the increasing adoption of social media and hyperconnectivity, the voice of the customer will grow louder than ever. Consumers will hold companies to standards higher than those of regulators. Consider United Airlines, where a video of a passenger being mistreated went viral, hurting the company’s brand, or the scores of customers who deleted the Uber app because they disagreed with the company’s practices. That’s the power of the collective voice of the customers, and companies will have to pay attention. Organisations will have to place the risks associated with the voice of the customer right at the centre of their GRC programmes. The more organisations address consumer risk issues, the more value they will gain, and the better prepared they will be to meet the highest customer standards.
The power of now
In a world of Instagram, Facebook, and Snapchat, companies and businesses will increasingly demand instant value. They will want to see results today, not after multiple quarters or long deployment cycles. Therefore, GRC professionals will need to find ways of meeting this need, whether through real-time reporting of risks, or through mobile audits that can be conducted anywhere, anytime. Organisations need more instant-download-instant-use innovations, and that’s the direction that GRC needs to continue heading in.
The promise of Artificial Intelligence (AI)
Who would have thought that someday, restaurants would make entire pizzas using AI? It’s already happening: AI is changing the world as we know it, and this will extend to how GRC is performed and delivered. Future generations of GRC software will have natively built AI algorithms that may be able to discover risk automatically or predict compliance behaviours and patterns based on machine learning. Many GRC tools are already incorporating capabilities such as predictive modelling, mind maps, and advanced visualisation. But these are just baby steps. GRC teams and solution providers will need to work together, and collectively find ways of making AI a real asset in GRC.
Turning data into insight
Over the next ten years, data will explode even more than it already has. It will create tremendous opportunities from a business perspective, but companies will also have to learn how to harness data in their GRC programmes, and find the needle in the haystack – areas of critical risk, compliance, or governance – that need to be addressed with priority. Data will need to be tamed, both in terms of volume and velocity, as well as security.
New technologies are continuing to change every aspect of our lives today. These trends and predictions reflect how the interconnectivity that businesses are already experiencing, both with other businesses and with consumers, is holding organisations to a higher standard than ever before. It is important for businesses to take the future into their own hands and utilise GRC technologies to ensure that GRC processes permeate the organisation internally and – perhaps more importantly now – that GRC protection expands externally through the whole business network.
Gunjan Sinha, executive chairman, MetricStream