Key differentiators in Governance Risk and Compliance (GRC) landscape

A recent report by Blue Hill Research discusses the Key differentiators in Governance Risk and Compliance (GRC) landscape. The report is entitled Four Components of an Enterprise Risk Reporting and Management Platform. The base of knowledge is analyses and research interviews with fifteen risk management executives.

As far as GRC product functionality, the core components generally involve the following capabilities:

1. Centralized data management
2. Process and incident management
3. Workflow management
4. Automated monitoring and alerting and finally,
5. Automated reporting.

Depending on the scope of each implementation, the deployment of these capabilities may be in support of a single unit, a full compliance or risk department, or as a comprehensive enterprise solution.

Key differentiators in Governance Risk and Compliance (GRC) landscape.

First the report identifies and discusses the key differentiators in the enterprise Governance Risk and Compliance (GRC) landscape.

Indeed, the report builds the case around the increase in the complexity of information used by risk and compliance practitioners. The increase reportedly lies in the evolution of risk management from a functionally oriented solution to a true enterprise-wide effort. Another critical factor is the larger number and diversity of stakeholders that provide or apply enterprise risk data.

Then the report identifies four key differentiators in the maturing enterprise Governance Risk and Compliance (GRC) landscape as follows:

• Moving from generic data management to support for use case context. In other words GRC tools should allow for custom tailored drilling in the hazard and risk registers, so that the gap between “general management” and “case context” can be seamlessly covered.
• Evolving from basic reporting toward business intelligence analytics allowing in depth analyses of updatable databases.
• Using visualization in the presentation of compliance and risk information, i.e. dashboards.
• Workflow management as an alternative to customization, i.e. the capability of delivering the information needed by stakeholders how they need it, when they need it.

Closing remark

The real benefits of rational, convergent, scalable, drillable GRC deployment are neither in the time spared nor in terms of people vs. tool costs. They are about what the client can get out of the tool.

Finally the ideal outcome is to deliver comprehensive data, in near real-time, as needed. As a matter of fact, anyone who understands his/her risk profile makes better decisions.

Call us to learn how a ORE deployment can push your GRC program to a higher notch.

Tagged with: drillable, Governance Risk and Compliance, GRC, hazard and risk register, Key differentiators, risk information, scalable

Category: Optimum Risk Estimates, Risk analysis, Risk management