By Emmanuel Moore ABOLO, PhD
Winston Churchill, a one-time Prime Minister of Britain, was noted to have said that ‘’If we open a quarrel between past and present, we shall find that we have lost the future’’. A new decade begins with great uncertainty in business, government, and society. The atmosphere is charged with dynamism. The market dodders on the brink between probability and reality.
Change often comes in nonplussed steps, with trends only becoming clear when several seemingly disjointed developments are viewed as a whole. Sweeping changes are poised to take place. But which ones? Change is the greatest challenge impacting GRC management.
. As the old saying goes: it’s always easy to know what the right course of action was after something has happened, but much harder to predict the future’’. However, by looking at GRC developments over the past couple of years, it’s possible to forecast what’s likely to happen in the GRC landscape over the next decade.
GRC has come a long way since its conception and integration in business. Along with many other areas of business, GRC has benefitted from the introduction and fusion of new technologies, helping to replace the perception of GRC as an afterthought and entrench GRC processes holistically throughout organizations.
The GRC market has seen a flood of would-be technology and service providers. There are currently over 800 technology vendors that offer GRC-related solutions, and over 1,000 professional services firms that have cropped up with GRC offerings.
2019 was a year of regulatory anticipation with organisations preparing for large regulations. Organisations using GRC technology struggled to stay ahead of the curve and ensure total compliance. Moving through 2020, the GRC market will continue to transform in several ways.
Over the past year, GRC trends have arisen both on an organisational level and across markets globally. First, there has been a shift in the way technological risks were identified within an organisation.
One of the most significant developments in GRC activity that we saw in 2019, which I expect to increase greatly in 2020 and beyond, is the establishment of committees at the enterprise level specifically designed to address plans for better integration of GRC across the enterprise.
While in many organizations the starting point for this is focusing on use of technology to support GRC and audit, changes are also being planned for structuring organizational and personnel responsibilities, and for standardization of processes.
These changes are indispensable in order to support development of a technology architecture and ecosystem where all relevant data can be shared and reports can be developed to meet different needs. With the growth of artificial intelligence [AI] or cognitive computing in GRC systems, deeper and more timely views of information are now possible.
As more companies move away from the reactive and defensive GRC programs towards a proactive and agile approach, the first line of defence will be best positioned to own, understand, and manage risks they take.
Innovations in technology are changing risk intelligence from cognitive and algorithmic – what happened and why – to anticipatory and assistive. Machine learning and advanced natural language processing, will create rules to drive intelligence and provide intuitive risk exploration and analysis, strengthening both GRC programs, and augmenting human decision-making with predictive risk insights.
By collating structured and unstructured data from multiple data sources and databases and extracting insights, these tools will enable companies to make swift, risk-aware decisions.
Organizations would need to invest in bringing together all information in a consolidated framework in order to harness insights from across business units, operational locations, and third parties in such a way that it illuminates to business leaders what their priorities should be for growth and retrenchment.
Indeed, businesses are at an exciting, yet critical, time for GRC programs and technologies. Organisations need to implement holistic programs to ensure they stay above board in this age of breaches, hacks and reputational threats. It is vital for companies to act efficiently and effectively, utilising GRC technologies to move toward proactive, rather than responsive, GRC.
Advanced analytics will sift the signal from the noise, uncovering hidden risk insights in big data to optimize decision-making. AI engines will automatically scour internal databases and external feeds, cross-referencing information to identify risk patterns, as well as to detect control weaknesses.
Using these insights, organizations need to be able to swiftly contain potential issues, or act on upcoming opportunities. Meanwhile, natural language processing tools will leverage the power of semantic analysis to connect the dots between thousands of issues—both past and present—in order to identify the best remediation actions.
Robotic process automation (RPA) will support continuous control monitoring as well as full sample-auditing, making it easier to detect anomalies. All these advancements will enable GRC functions to deliver greater value, and act as true strategic advisors to the business.
We see , looking forward, an agile GRC program which is like a well-oiled machine with multiple diﬀerent parts working together in harmony. The idea would be to aggregate and harmonize diﬀerent perspectives on GRC across various functions.
Charles Darwin once said, “It is not the strongest or the most intelligent who will survive but those who can best manage change.” That statement applies as much to GRC as it does to anything else. The more agile a GRC program, the stronger and more responsive an organization becomes to the changes occurring around them. And the faster they can respond to change, the faster they can move ahead of the competition.
A good journey they say is not done with one effort but is broken down into stages. Forward-looking organizations in the 2020 decade should make their GRC journey in stages to achieve better results. The following are considered to be key for every organization that wants to make success of GRC in the 2020 decade:
• Have a finger on the pulse of the business;
• Watch for change in internal and external environment;
• Turn data into information that can be, and is, analyzed;
• Share information in every relevant direction;
• Continuously align objectives and operations to risk of the entity;
• Give strategic consideration to information from GRC enabling appropriate change;
• Gain greater awareness and understanding of information that drives decisions and actions;
• Improve transparency, but also quickly cut through the morass of data to what you need to know to make the right decisions;
• Be able to bounce back quickly from changes in context and threats with limited business impact;
• Have sufficient tolerances to allow for some missteps;
• Have confidence necessary to rapidly adapt and respond to opportunities;
• Get rid of expense from unnecessary duplication, redundancy and misallocation of resources within the GRC space; and
• Lean the organization overall with enhanced capability and related decisions about application of resources.
It’s fair-minded to say that the GRC industry is nervy in the right track, but regulatory bodies still have a weighty task in protecting consumers and in turn, organizations in the changing technological landscape. We anticipate this to be a considerable trend and theme moving forward in this decade, watching regulatory and compliance trying to keep up with the rapidly and constantly mutable landscape. Ultimately, opportunity would obliterate uncertainty.
• Dr. Emmanuel Moore Abolo Managing Director/ CEO
The Risk Management Academy Limited