Organisations of all sizes are facing growing pressure to improve performance. They’re expected to drive efficiency, sales and profits while cutting costs and upholding corporate integrity. The challenge is made more complex by the growing plethora of risks that are constantly reshaping the business landscape. For example, there’s the political risk caused by Trump and Brexit, the ever-changing register of regulations, the growing frequency and sophistication of cyberattacks, social media and the opportunity it gives the public to lobby, third-party risk, IT risk and natural disasters – that’s just a few.
These factors have traditionally been managed as separate silos; owned by isolated departments that have little contact with each other, report to different individuals in upper management and simply focus on the risks that fall under their ‘remit’. Yet, as risks become more intertwined, the various processes and documents used to manage them often contradict one another, resulting in further business risk, duplication of work, and spiralling costs.
As such, businesses are increasingly seeing the value of managing everything under one umbrella. Governance, risk and compliance (GRC) provides a single centralised process and empowers organisations to more easily control and manage internal and external factors that may impact the enterprise. With a centralised repository of data, businesses can determine potential issues and new opportunities, and action the relevant changes to make sure that they are not left vulnerable or unable to take advantage. Furthermore, a single point of reference ensures that all employees are aware of the company’s overall GRC stance, enabling them to incorporate it into their everyday roles.
To some, GRC is a completely different approach. Yet, while it may be new to them, the industry and the technology within it has taken great strides forward. Here are a few trends that will become more visible as 2017 progresses:
The rise of Artificial intelligence (AI) and its role in GRC
With GRC covering so much ground, the amount of data being collected by companies is eye-watering. Huge complex sets of structured and unstructured data need to be sieved through and analysed in order to separate the actionable intelligence from the ‘white noise’. Current processes automate risk assessments, but the outcome and any required changes are still left up to the judgement of risk professionals; this isn’t sustainable. The amount of data will only keep growing as the world becomes more connected, and this increases the chances of mistakes being made. GRC is intended to simplify, so the technology and processes need to evolve to be able to cope with expanding data sets and not get bogged down with the deluge.
AI is a fascinating technology that is developing at an incredible pace. The ability for a computer to take in information, analyse it and then make calculated decisions more quickly than a human is of obvious benefit to the enterprise. Businesses are already looking at implementing AI systems to speed up investment decisions – for instance, Fukoku Mutual Life Insurance is adopting AI that can calculate pay-outs – so having systems that analyse and suggest GRC-related changes is not a monumental leap forward.
Systems will be able to automatically collect data from various data streams and channels – for example, regulatory and trade bodies’ feeds, social media, news sites, and customer and competitor websites – analyse it against the company’s existing data sets and operations, and suggest any process or strategic changes. As the technology evolves, and machine learning and predictive algorithms improve, diminishing the potential margin for error, companies will be able to manage the entire GRC function with just a handful of employees; a stark contrast to the current set-up in some multi-national firms which can see hundreds of workers with the sole task of data collection.
Predicting the unpredictable
The GRC landscape is under a lot of stress due to a large number of unexpected events. Once again, Brexit and Trump are the obvious examples, with very few predicting the outcomes to those historic votes. The domino effect is the uncertainty they have created. For instance, there are the wildly fluctuating exchange rates between the Dollar, Pound and Euro, and the unknown extent of regulatory change, which will come about following the triggering of Article 50 and Trump’s declaration to de-regulate the US. Businesses are finding it more difficult to plan and are having to allow for wider risk margins.
What is predictable, is that there will be far more unpredictable events in the next few years. As such, GRC technology and approaches will evolve to handle persuasive uncertainty and not simply the standard events. Firms will become better equipped to manage unexpected risks, and won’t be left completely vulnerable by rapid changes in the market or to industry trends.
Escalating cyber risk from the IT department to the boardroom
Despite the now frequent headlines regarding companies falling victim to cyberattacks or suffering data breaches, cyber risk is still a relatively new threat. While businesses may have an idea about the potential effects, many are yet to experience one first-hand, or at least not on a high profile scale. That means there’s still an unfamiliarity around how exactly to manage the risk.
We also find ourselves in an age where hackers are having an influence on national security and political events. With more than a few claims that Russian hackers interfered with the US elections, if true, it reveals how relatively easy it is for external parties to sway events that have global repercussions.
While businesses are changing their approach, in many cases, cybersecurity is still departmentalised and seen as the remit of the IT team. Instead, it needs to be elevated to the boardroom level and incorporated into the enterprise’s overall risk structure. This ensures that the risk is considered within all processes, and the truly damaging effects can be mitigated.
Ultimately, as businesses face greater pressure to deliver against a backdrop of evolving risks, more advanced GRC technology and thinking provide a holistic view across the entire enterprise. Companies can rely on a single process and point of reference, ensuring that they are better prepared for the expected and, more importantly, the unexpected.