| |AUGUST 20169Consultants ReviewThe effectiveness of GRC function in ensuring organization meet its stated objectives in a well-managed and compliant environment can be further enhanced through the use of technologyautomate work associated with the documentation and reporting of the risk management and compliance activities that are most closely associated with corporate governance and business objectives. The key functions of GRC software generally are audit management, policy management, compliance management and risk management. We see organizations moving towards an integrated platform solution (from spreadsheets) to integrate multiple aspects of GRC seamlessly, drive continuous improvement in the program and also to provide top management real time view of GRC posture in the company.#2: Linking GRC to Overall Information Management StrategyAs organizations evaluate their current risk information and data needs, executives involved with GRC will find it valuable to work with their CIO and IT functions and consider the organization's information management strategy and capabilities as they make decisions to purchase, enhance, or build GRC support systems. These organizations might also find it beneficial for the GRC program to actively participate in the overall IT governance process so their needs for risk information can be incorporated into the organization's information management strategy. More mature GRC programs will find it beneficial to align their activities with their organization's strategic planning and goal-setting processes.Future risk applications using this technology can further enhance risk management when integrated with workflow process and business rule logic software. Business rules systems can be pre-programmed to seek out and capture emerging risk data within transaction execution systems and present these data points to management in more consumable formats.#3: Analytics Driving Real Time and Accurate GRC Decision Making With data exploding across organization and the supply chain extending beyond the organizational boundary, driving GRC objectives is getting increasingly complex. GRC influences multiple organizational decisions and having a data driven GRC program is required to connect and correlate events occurring within and outside the organizational boundaries to ensure intelligence is extracted out of the data maze. Companies are leveraging technology driven data analytics for their GRC program to get real time, relevant and cognitive information useful to make the business decision without diluting the governance, risk & compliance requirements within the operating model. Additionally Big Data analytics technology is helping organizations to optimally allocate resources to most critical areas as per their GRC requirements. #4: Integration of GRC Requirements into Business Process AutomationAdvent of business process automation technologies like robotics, process specific platforms etc. have enabled organizations to capture, design and build some of their key GRC requirement into the process automation blueprint. This enables companies to better manage GRC objectives at micro level which lends itself well into the overall GRC framework at the macro organizational level. We see process automation vendors incorporating GRC requirements for example. continuous monitoring into their design build.#5: Better ROI for the BusinessInvestments in technology driven risk management and compliance practices have shown to provide improved returns for organization due to ease of scalability and flexibility. As technology drives a paradigm shift in business and operating models impacting the internal and external ecosystem. An organization's ability to incorporate these changes into their GRC practices becomes very important for good governance and risk management. Technology enabled GRC programs are able to absorb these changes better and modify itself faster to keep the organization well governed & compliant while driving better returns.
< Page 8 | Page 10 >