Technology can ease the pains of governance, risk and compliance
By Jayen Vyravene , MD of Quency, a Webcom Company
2 March 2010
With the flurry of Acts and legislation that have been and are due to be put into place; not to mention regulations, frameworks and recommendations for corporate governance; organisations are faced with the fact that compliance is fast becoming a key business issue.
Compliance is beginning to form part of the business environment, not just from a legality point of view, but also because of frameworks such as King III, implemented on the 1st of March 2010, that advise businesses to become more accountable, transparent and sustainable.
The reality is, organisations of all sizes need to start gearing themselves toward becoming compliant and ultimately adhering to good corporate governance practices, or they risk facing financial and other penalties. The challenge is that implementing, monitoring and managing compliance in any organisation requires significant time and resources.
Technology has stepped up to the plate, and there are many emerging tools and software that can assist in simplifying the processes of good corporate governance, risk mitigation and regulatory compliance.
The problem with these solutions lies in the fact that each tool or piece of software often addresses one specific issue of compliance, and these disparate solutions do not integrate, which makes transparency and corporate governance difficult. Organisations simply cannot adequately manage all of the various systems and staff who have been tasked with handling compliance.
The next logical step from a technological point of view is software that provides an integrated solution that covers not only compliance but governance and risk as well, negating the need for ad-hoc systems and avoiding the confusion of having many staff members handling different aspects of the process.
An integrated solution will ensure that everyone in the organisation, across departments, is on the same page when it comes to governance, risk and compliance (GRC), not just in a siloed manner but stretching across the entire enterprise. This enables various policy documents such as finance, IT, marketing, sales and so on, to be integrated, giving a more complete view of the organisation and allowing for ever greater transparency and governance. A single view also allows for a far better insight into various risk profiles, enabling better risk mitigation.
The fact is, in order for any organisation to be fully compliant, ad-hoc disparate solutions just will not cut it. Good corporate governance requires a complete, holistic view of risk and compliance across the organisation.
And the best way to achieve this is to have one dashboard that covers GRC for the entire organisation.
And the best part is, even though compliance is usually seen as a grudge issue, it can actually benefit organisations. If a business makes compliance, corporate governance and risk management part of the strategic objectives of the company, it is possible to create real value, as these practices can create better efficiencies, which leads to better profits for the company. Incorporating performance management into compliance management will also provide key indicators for risk, performance and control, to further improve efficiency.
In order to create value from GRC management processes, it is necessary to have an implementation programme in place as well as a maturity model that shows where the organisation currently sits, and a roadmap that gives a clear indication of where the business would like to be.
It is vital to remember, however, that while technology can assist organisations with GRC, technology is not a silver bullet, but simply an enabler.
GRC is a reality, and while it may be done reluctantly by many organisations, the fact is that by adhering to these regulations and having enabling technology in place, organisations can have access to better quality information that can help them to make the right decisions at the right time. Rather than regarding GRC as a tedious compulsory process, it should be seen as an opportunity to leverage significant business benefits whilst ensuring penalties are avoided.