By Sunder Krishnan, Chief Risk Officer, Reliance Nippon Life Insurance
Uncertain times and a volatile economic climate have contributed to an expanding focus on corporate governance, risk, and compliance (GRC) across all industries. While some companies have faced their risk and compliance challenges head-on with insightful business strategies and powerful technology solutions, many are still struggling to reconcile traditional approaches and legacy systems with the rapid pace of change.
The intensity of change in today’s business environment requires a new way of thinking about risk. Facing an interconnected vortex of disruptive technologies, cyber-threats, complex business ecosystems and globalizing markets, businesses need proactive, innovative GRC strategies to seize competitive opportunities and meet stakeholders’ expectations.
How to Manage Risk & Compliance Costs in Organizations?
Investing resources, processes, and technologies in the right manner to defend the company can mean a huge commitment of time and money. However, non-compliance can be an even more expensive alternative, carrying the potential for heavy fines, business disruption, lost productivity and revenue, and reputational damage.
A more integrated and holistic approach can help companies control costs while expanding the effectiveness of their GRC programs, including integrated and objective internal audit functions. By rationalizing processes, controls and assurance structures, and by consolidating and optimizing the functionality of software platforms, companies can identify and address redundancies and gaps, extract greater value from their technology investments, automate preventive controls, and enable expanded use of advanced analytics, which in turn can help identify vulnerabilities, enhance compliance monitoring and testing, and optimize risk and compliance program workflows.
One of the most practical ways to rationalize costs and use resources optimally is to break down risk silos and align all GRC functions under one CRO. This reduces costs considerably, as excess flab, bureaucracy and duplication in resources, processes and systems are avoided entirely. It calls for investment in cutting-edge technologies, an approach to issues that is practical and at the same time radical, and a collaborative approach to mitigating risks.
Relevance of Technology in Improving Governance, Risk & Compliance
As the digital economy evolves, risks and costs are growing in tandem with opportunities. Data breaches, digitally driven fraud and financial crime, globalization, and the steady introduction of new and disruptive technologies are contributing to a volatile environment and expanded regulatory reach. To manage the risks and compliance obligations of this environment, companies need innovative technology solutions and smarter data.
GRC vendors with an integrated data framework are now able to offer custom-built GRC data warehouse and business intelligence solutions. This allows high-value data from any number of existing GRC applications to be collated and analyzed.
Aggregating GRC data in this way adds significant benefit in the early identification of risk and in the improvement of business processes (and business controls).
Further benefits of this approach include:
(i) it allows existing, specialist and high-value applications to continue without impact;
(ii) organizations can manage an easier transition into an integrated GRC approach, because the initial change only adds to the reporting layer; and
(iii) it provides a real-time ability to compare and contrast data values across systems that previously had no common data scheme.
Benefits of Taking an Integrated GRC Approach
Some of the key benefits may include:
• Higher quality information - Integrating GRC information allows management to make more intelligent decisions more rapidly.
• Process optimizations - Non-value-added activities are eliminated and value-added activities are streamlined to reduce lag time and undesirable variation.
• Better capital allocation - Identification of areas of redundancy and inefficiency allows financial and human capital to be allocated more effectively.
• Improved effectiveness - The net effect of all the activities above is that GRC activities are directed to the appropriate people and departments.
• Protected reputation - When risks are managed more effectively, the company reputation is enhanced.
• Reduced costs - Lower costs contribute to the overall ROI gains represented by effective GRC activities. Silo bashing and a de-bureaucratized approach to risk mitigation would considerably reduce costs.
The Scope of GRC Solutions in India and the Global Markets
The GRC market in India is gaining traction on four counts: statutory and regulatory drivers, including international regulations; financial and legal drivers, involving contractual bindings and S&P credit ratings; operational drivers, which include competitive pressures, process efficiency and optimization; and finally governance drivers, involving transparency to stakeholders and improved accountability.
The GRC market in India has continued to grow in 2009, and with less than 30 percent penetration the market is nowhere near saturation. The Forrester Research report states that the GRC technology industry, which comprises software, consulting and related services, is currently growing at 24% every year and is slated to grow from $2.6 bn in 2009 to over $24 bn in the next five years.
A Platform to Meet New Demands - Governance, Risk and Compliance
Governance, risk and compliance (GRC) programmes are now required by regulatory bodies and are also driven by business interest. However, there is no ‘one size fits all’ approach, as they must fit each organization’s structure and circumstances. Many organizations find themselves introducing GRC programmes at a time when several factors make this a complex task.
It aligns people, process and technology across IT, Operations, Finance & legal domains. Goals of eGRC are –
GRC Industry: What Does the Future Hold?
Although there is a high degree of awareness of the value and benefits of a GRC program, organizations need to ensure the right degree of focus in understanding the evolving and changing risk profile of the business environment in which they operate. Risks will always remain a part of our business landscape, and as such, organizations of all kinds and sizes need to embrace a federated GRC model that provides forward-looking risk management and risk mitigation methodologies. A federated approach offers a flexible framework that can facilitate the assessment and management of risks, the definition of internal controls, and the implementation of remediation plans. A federated approach to GRC improves cross-functional collaboration and the efficiency of individual teams, and aids in increasing organizational resilience to risk.
Risk management is and will continue to be the biggest focus for organizations. Risk management is top of mind for GRC professionals.