The top four GRC priorities for the board

July 31, 2019

The last decade has seen a real explosion in the use of GRC solutions and IT GRC tools to help organisations manage their Governance, Risk and Compliance (GRC) programmes. There are a wide array of GRC software vendors to cater for a variety of requirements and the market overall is one that is experiencing a lot of growth.

There is now a much deeper understanding of what GRC is about and how IT GRC software can help realise the benefits of a GRC programme. GRC tools are used just as much by mid-market firms as they are by much larger businesses, but every organisation uses its GRC solution in a different way.

Different departments and functions within a business will often focus on and manage different elements of a GRC programme, but it remains essential that overall GRC strategy is driven by the board. But what should CEOs be using GRC solutions for in their organisation and what should the top four GRC priorities be for the board?

1. Ensure compliance with external regulation

This is the prime purpose of most GRC programmes and really should be the number one priority for any board when looking at GRC software options. We live and work in a world that is more regulated than ever, and businesses have to prove to regulators that they are doing business in a fit and proper manner.

Regulation comes in many different guises, from vertical-market-specific regulation such as MiFID II in Financial Services (FS) to more general data privacy legislation such as GDPR. GDPR has been a hugely impactful regulation, with a number of record fines already issued for non-compliance and data breaches.

Any GRC tool or GRC software must utilise a digital and continuous approach to addressing compliance requirements. That is by far the most effective way of ensuring compliance, and it is the way that Oxial approaches it with its sGRC solution.

2. Manage and mitigate risk

There are more threats and more risks facing organisations in 2019 than ever before. Whether it's cybercrime, with increasingly professional and sophisticated cyber criminals, political instability, business uncertainty, climate change or something else entirely, risk management can be hugely challenging.

That’s why it’s essential for IT GRC tools to be able to manage and mitigate a wide variety of risks. The board needs to be notified of potential risks as early in the process as possible, and with a particular focus on the high-risk threats facing the business.

With an IT risk management solution such as Oxial’s, with risk classification, and a proven risk treatment methodology, risk can be faced down much more effectively – another key GRC priority for the board.

3. Setting the tone for corporate culture

We wrote recently about the differences between ethics and compliance, and the fact that an ethics and compliance software industry has emerged and is now growing rapidly. While GRC solutions do differ from ethics and compliance software, there is a certain amount of common ground and GRC tools can undoubtedly be used to set the tone and agenda for the corporate culture in an organisation.

There are many disparate elements that contribute to corporate culture, and we aren’t saying that implementing a GRC solution will do everything. But ensuring that an organisation is well-governed, meets all regulatory compliance and that the board cares about that, sends a clear message that it’s a company that considers ethics and doing business the right way to be important.

4. Driving innovation and digital transformation

Most organisations feel the need to adopt a more innovative approach to business in 2019. Part of this lies in digital transformation, utilising the latest technologies to transform tired business processes that improve both the customer experience and a range of backend tasks.

Digital transformation often takes place in silos across an organisation, little pockets of innovation dotted around the business – effective but lacking an overall direction and strategy. There is no reason why a firm’s GRC solution cannot act as the driver for digital transformation and set the agenda for it across the business.

Because governance and compliance are generally seen as fairly traditional business functions, they are in fact ripe for a more innovative approach. Using a GRC tool such as Oxial’s sGRC solution means that quick wins are available and the benefits of digital transformation in such functions are clear for the rest of the business to see. GRC can therefore be a big driver of digital transformation.

GRC can bring many benefits to an organisation, and businesses all over the world are much more accepting now of the need for an integrated GRC solution to drive their programmes forward.

There will be many different GRC priorities for the board, but the four outlined above are the main priorities as we see them. Have we missed anything? What are your board’s GRC priorities?