Coronavirus lockdown has highlighted the shortcomings of traditional GRC tools

May 25, 2020

Smart businesses have been on a digitalisation path for many years now. Digital transformation is essential for organisations to thrive in this era of business. The ones that successfully transform their business will go onto greater things, while those that do not may even find their very existence threatened, with the emergence and growth of more agile and digitally designed competitors.

But for organisations that have been used to approaching things in a certain way for decades, digital transformation can feel like a significant undertaking. For a mid-sized Financial Services (FS) provider for example, where would they begin with such a task?

There isn’t a one-size-fits-all answer to that question, but it is certainly true that compliance and broader GRC departments are among the most ‘analogue’ of business functions and could benefit from a more digital approach.

This has been highlighted dramatically during the current coronavirus pandemic. With employees forced to work from home until told otherwise, many compliance related tasks have simply been cut off and traditional IT GRC tools have proved inadequate at keeping organisations on top of their regulatory requirements. More than ever, it is time for organisations to embrace a more innovative and digital approach to compliance, using the latest GRC software that guarantees business continuity even during lockdown periods.

Old-fashioned GRC tools

For every organisation that has already adopted a more digital approach to GRC, there are probably 10 that are still using analogue tools. This can mean something as basic as Microsoft Excel to manage compliance, which relies on an almost entirely manual approach that does not support interactive workflows. Or perhaps desktop software that is managed locally and only has provision for internal updates.

While the latter is more effective than the former, compliance approached in this way is far too time-consuming, too complex and too inefficient for it to be viable in the long-term. During the current pandemic, both approaches have proved especially ineffective. Compliance officers and their teams cannot access their desktop GRC software externally, and if they can it is often just a subset of the required information that is found there. Internal controllers and auditors used to refer to printed files have reported field activity interruption.

Furthermore, this software cannot be accessed by third parties. So if organisations are working with external consultants to support their GRC, those consultants will be unable to assist currently. This means that compliance requirements could be missed and the consequences for doing so can be enormous.

The need for digital compliance

Organisations have needed to change the way they tackle GRC for several years now. But the coronavirus pandemic has brought that need into much greater focus. Compliance is an on-going requirement and it needs a digital IT GRC tool to manage it effectively.

Digital compliance relies far less on the input of humans. It will process data on the exact date that it needs processing and will do so in line with all compliance requirements. Digital audits and action plan workflows can still be performed online as usual. These innovative GRC software solutions – such as Oxial’s sGRC solution – are mostly cloud-based too, which means that external third parties like external auditors can securely access them as and when required.

Part of Oxial’s proposition is to offer the most innovative GRC software supported by the input and expertise of some of the world’s most informed regulatory compliance experts. With traditional GRC tools, this input would be lost during a pandemic, at a time when that input was required more than ever.

GRC digitalisation can extend across the business

Digitalisation is a major undertaking and it is a case of going on a gradual journey. No company will address digital transformation in one go and looking at compliance and a broader GRC function is a good place to start.

This is because it is a function that has been so relatively untouched by digital technology. Starting here can provide some quick wins that show the importance of digital across the rest of the organization. It is also because it is a department in urgent need of digitalisation.

The pandemic has shown that compliance cannot simply pause because people cannot access the tools. It is more effective to reduce the levels of human input into these processes, via the use of a complete end-to-end digital solution such as Oxial’s sGRC solution.

The current pandemic is likely to be impacting businesses all over the world for a long time yet. While there is talk in some organisations about returning to the office, at this stage it is still mostly just talk, and a large percentage of businesses will be working from home for the foreseeable future.

This makes it even more important for organisations to address compliance digitally. If we work from home for the rest of the year, does it mean nothing will happen on compliance during that time?

If you are interested in a fully digital IT GRC tool, please contact one of our compliance experts who will gladly discuss how Oxial’s sGRC solutions can help your organisation with compliance during the lockdown, however long that lasts.