Engaging the front office in risk management
Effective risk management needs everyone to play their part – both the back office and the front office….
Digital transformation was already well underway and with COVID-19, it’s now accelerating. What was a slow jog has turned into a full sprint with companies quickly adapting processes to meet the needs of the digital economy. Right now, 82% of CEOs believe digital transformation is strategically important to their organization (PWC, 2020) and are willing to invest to make it happen. In fact, IDC predicts that worldwide digital transformation investment spending will approach $7.4 trillion between 2020 and 2023.
Yet, as companies quickly try to match aggressive competitors and agile upstarts, the vast majority are not investing in upgrading their risk and compliance systems commensurate with their digital transformation. And this is “risky” business…
Many companies are unsurprisingly continuing to rely on spreadsheets or traditional GRC solutions to store risk and compliance data. You wouldn’t try to do bookkeeping in a journal anymore, so why would you try to manage risk and compliance on a spreadsheet in the digital era? Companies cannot keep thinking of GRC as a storage system to capture all the risk and compliance data without any context. Nor can they continue to think of risk and compliance as a project that can be completed; it’s a continuous journey that requires constant monitoring and optimization.
GRC, like everything else in the digital era, must adapt. In its traditional form, it is not keeping pace with the market, providing only an outline or a snippet of the big picture, but not the rich detail or comprehensive context needed to make strategic decisions. The mindset that we already have risk and compliance covered because something already exists leads companies to continue on with outdated legacy systems or DIY tools that are not ready to address the complexities of today’s environment. As a result, executives are working with inadequate information when making critical business decisions.
GRC has been a hot topic of debate among analyst and research firms for the last several years as digital transformation has been slowly advancing. But there is one thing they all agree on: not doing risk management correctly has serious consequences, and it’s bigger than traditional GRC.
Ineffective risk and compliance management can have dire consequences – from reputation to profits, it’s all at risk if it’s not properly protected. And while not glamorous or fun, and oftentimes a chore, like most chores it is vital. GRC, when done well, can empower businesses and executives to make better decisions, optimize investments and work collaboratively to build agile, resilient and successful businesses.
While much of the above may be blindingly obvious to an IT professional, the Board and corporate executives are still struggling to connect the dots. In fact, only 27% of organizations felt ‘very comfortable’ that the Board is getting adequate reporting on cyber and privacy risk management metrics (PWC, Digital Trust survey 2018). It is time to start speaking financially, in context and with relevant facts.
View the webinar “Beyond GRC: Risk and Compliance in the Digital Era” with Simon Marvell, Acuity Founder and CEO, and Andy Boden, Senior Technical Consultant. In this session they compared traditional vs emerging GRC solutions and explained how you can build your risk management program to increase transparency, drive decision-making and improve communication with the Board.