This week I came across an article in Wall Street & Technology that discussed GRC and the need for firms to implement technology in efforts to increase their automation and increase their control over risk and compliance. With GRC being a topic that will be discussed at our 5th Annual OpRisk Conference, scheduled for Wednesday, March 2nd, I was interested in reading up on the latest technology issues and challenges. I was surprised to discover, especially in this technologically advanced day and age, that most organizations are still dependent on manually updated spreadsheets. It just seems that would leave the firms open to lots of mistakes, a risky move when trying to control risk.
Nonetheless, the article stressed that firms should look at these tools not as a solution but as a means of enabling them to better apply their GRC framework. Paul Proctor from Gartner put it nicely when he said, “GRC is neither a project nor a technology. It’s a control framework for safeguarding your organization at a level that strikes a balance between business needs and protection needs.” Basically your firm needs to have a solid framework in place before any GRC automation technology could make a difference. These tools are created to enhance your systems not develop them.
So that leads me to think, do firms just not have solid GRC frameworks in place? Is that why this technology is being underutilized at the moment? Maybe the lack of use of automation tools for GRC is basically because it’s premature to bring in technology that is more advanced than the GRC frameworks they would be enhancing.
So what time is better than now for updating your firms GRC framework and then looking into technology that could automate that framework throughout your organization? Especially with all the recent and current talk around implementing new regulations there should be an emphasis on the importance of the GRC framework and how the changes impact risk and compliance. To that end, a portion of next week’s conference will be spent focusing on the importance of the GRC framework as we look into changing business models, the risk consequences and how all this can and should be kept in real time.