Importance of Governance, Risk and Compliance (GRC)
by Swapnil Bora, Practice Lead
Governance, risk and compliance management is more important now than ever because of the complex nature of business models and operations across the organization. An organization always faces the risk that it will be found in violation of one or another of multiple laws and regulations. A lack of adequate risk and compliance management, and of a governance mechanism around it, exposes any organization to multiple risks.
In recent years, we have observed that the cost of incidents or mistakes has immensely impacted organizations' reputations. Take the example of the Japanese company Takata, which manufactured car air bags. The air bags installed by Takata were dangerously faulty, which in turn led to the recall of a huge number of cars from the market. As of May 19, 2015, Takata is responsible for the largest auto recall in history.
Regulatory non-compliance has also proven to impact organizations, especially where huge financial penalties or revocation of licenses are involved. The data privacy regulation in Europe, the General Data Protection Regulation (GDPR), is a prime example. If a company or any one of its third parties breaches the data of a European citizen, the company will face a fine of 4% of annual global revenue or €20 million, whichever is greater, for violation of certain sections of the regulation. There is also a fine of 2% of annual global revenue or €10 million, whichever is greater, for violation of the remaining sections of the regulation.
Faulty or disruptive business models also contribute to the downfall or reduced growth of an organization. For example, Uber paid a hacker $100,000 to keep quiet after he managed to get his hands on the personal data of 57 million users. However, this breach has been just a small blip of concern compared to some of the larger issues related to poor corporate culture, harassment, and mistreatment of drivers as executives focused solely on aggressive growth.
With the increase in complex business models and operations, organizations are moving towards automated tools to manage their risk and compliance and to implement governance around them. A study of governance, risk and compliance platforms conducted by Forrester offers valuable insight into the best available solution providers and helps risk management professionals make the right decision. The study places MetricStream, SAI Global, LogicManager, Nasdaq, Riskonnect, Rsam and SAP's GRC at the forefront of GRC solution providers, as "Leaders". The "Leaders" are followed by the "Strong Performers", which comprise Enablon, ACL's GRC, RSA Archer, IBM and NAVEX Global. The "Strong Performers" are in turn followed by the "Contenders", which comprise two GRC solution providers, ServiceNow and Thomson Reuters' GRC. The GRC applications were evaluated on 3 criteria: current offering, strategy and market presence.
The use of automated tools helps an organization to be efficient; however, it is important to have the understanding and mindset needed for GRC to be incorporated. GRC needs to be acknowledged as a critical aspect of any organization's growth.
* Isidore, Chris; Marsh, Rene (May 19, 2015). "Airbag maker Takata announces largest auto recall ever". CNNMoney. Retrieved May 21, 2015.
* Article 83, GDPR (http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679#d1e6226-1-1)
* Dell Cameron, "The Great Data Breach Disasters of 2017," Gizmodo, December 27, 2017 (https://gizmodo.com/the-great-data-breach-disasters-of-2017-1821582178).
* Renee Murphy and Claire O'Malley, "The Forrester Wave: Governance, Risk, And Compliance Platforms, Q1 2018", February 15, 2018, Forrester.