The IT industry has responded with a proliferation of business intelligence, analytics and, in particular, governance, risk and compliance (GRC) solutions, and this area is reaching its maturity phase with much provider consolidation underway. The actual adoption of GRC by enterprises is still evolving, however. We can foresee a number of directions for GRC solutions in the next year and beyond. These speak directly to businesses’ need to protect their interests, increase consistency, improve efficiency and ensure sustained growth.
1) Compliance gives way to Risk
The view of risk within enterprises will become more sophisticated and holistic during 2011. Compliance with specific industry standards and regulations will always be vital to businesses, and we still see customers requiring framework solutions to systematically manage compliance through management of risks, regulations and audits, but companies today are recognising that they need more. Their demands are being driven by an increased awareness of the “R” in GRC, rather than the “C”. Business leaders are recognising the dangers that traditional information silos create: poor business visibility, incomplete data on which to base business decisions and patchy security. GRC solutions will increasingly be adopted for the primary purpose of creating a consistent, integrated and complete view of risk, not as a single functional solution.
2) GRC as a Performance Management tool
GRC software sales have often been dominated by the avoidance of negative outcomes and risks, rather than the pursuit of positive change and business benefits. In 2011 we believe this will change. The ‘glass is half full’ view of the world needs to start to dominate. Rather than compliance for the purpose of avoiding non-conformance fines or worse, business will increasingly seek to manage risk in a way which targets achievement of business goals.
Sword Achiever put much effort in 2010 into developing applications which help customers to see and utilise risk in a way which can drive business benefits. By linking risks to business performance, businesses gain foresight into issues that, if unchecked, may negatively impact the business bottom line. By identifying causal relationships between the key risk indicators (KRIs) and key performance indicators (KPIs), a business can put in place mitigating controls to ensure these KRIs are met, which in turn has a direct impact on business performance. Not only does this ensure sustained growth within the business, it also highlights the real business value that each function is contributing to the business bottom line.
3) Supply Chain Focus
Smart businesses next year will take a broader view of risk and compliance which extends into and through their supply chain. Our customers are realising that viewing compliance as an internal company issue can lead to unexpected incidents and risks, and our supply chain management module is increasingly popular. The need for tighter control over the whole supply chain has become crystal clear, and will lead businesses to place much more of a priority on the management of compliance – whether this is to service level agreements, training standards, quality standards and regulations or about the oversight of material handling or substance storage – the list is lengthy. Bringing suppliers into their compliance environment will require GRC IT solutions which are not only well integrated through the organisation but which also extend into and enable the same control and tracking within the supplier’s own environment. These solutions, and the alacrity with which suppliers embrace them, will increasingly play a role in supplier identification and engagement, as well as in ongoing relationship management, as businesses ensure that risks will be minimised and compliance aspects will be controlled.
4) Top to bottom GRC engagement
GRC factors will become consolidated as board-level concerns, but will also become much more embedded throughout organisations. Risk minimisation and compliance have historically been something which company managers encouraged, enabled or enforced staff throughout the organisation to take responsibility for, with varying configurations of supporting documentation, systems and processes. As operational and financial risk and compliance pressures have increased on organisations as a whole, senior executives and boards are now directly involved, whether they wish it or not. Within our customer base, senior managers are asking how they can achieve full visibility of risk, as a foundation for making informed strategic decisions, driving business growth and creating shareholder value. Downwards diktat is not going to enable this. Instead, they must create a GRC-aware culture from the top to the bottom of the enterprise and enable supporting behaviours via an integrated GRC platform.
Information is fundamental at every level. Senior levels require clear and relevant dashboards that give key business information quickly and concisely. Functional heads need the tools to be able to identify, manage, control and mitigate risk and compliance issues through a single system that is flexible and easy to use. At end-user level we are seeing the need for documents and requirements to be clearly accessible, with role-based access enabling the right people to see the right things at the right time and automatic escalations in place to control behaviour and ensure compliance.
5) GRC everywhere
Mobility will become a critical component of GRC solutions. Businesses do not exist only within their offices, and neither does the need for visibility or management of potential risk factors to the organisation. Compliance with health and safety regulation must happen equally in the field, in the factory or on the road. Companies are already demanding that GRC data is accessible to those who need it, and that data will increasingly need to be just as close to the larger workforce as they carry out their day-to-day roles. We foresee a specific surge in demand for risk and audit checklists and real-time data input to be available on mobile devices so that those conducting either regular management monitoring or formal audits can do so in the environment in which they are operating. Mobility is casting a new light on potential business efficiencies that can be released through IT, and GRC solutions are no exception.
6) The death of DIY
Finally, we predict that 2011 will see most businesses abandon a piecemeal and DIY approach to the management of risk and increasingly adopt single corporate frameworks. The simple lack of a single system across an organisation greatly increases the costs and risks related to GRC. Yet dedicated GRC software options, such as Sword Achiever, can help to manage and control risks effectively and cost-efficiently, enhance and ease compliance, make policies easy to implement, audits faster and more efficient, and reports clear and consistent.
Sword Achiever www.sword-achiever.com
The Sword Achiever Enterprise GRC software solution comprises a number of modules that deliver a comprehensive, integrated management tool providing a single solution platform.
# # #
About Sword Achiever: Sword Achiever delivers flexible, easy-to-use software to manage governance, risk and compliance (GRC) requirements, enabling organisations to minimise the risk of product and plant failures, compliance fines and penalties, improve quality processes and manage and control internal and external audits.
The Sword Achiever Enterprise GRC solution comprises a number of modules that deliver a comprehensive, integrated management tool providing a single solution platform. With Sword Achiever in place companies can increase the transparency and control of all their GRC requirements more effectively, improve their operational efficiencies and ensure sustained growth.