Are you involved in Governance Risk & Compliance Management or in short in ‘GRC’? The answer is “yes you are”. Everyone does GRC, although you might not call it GRC. Every employee and every company is doing GRC-related activities. At the GRC breakfast event, organized by PwC and Software AG in London on April 2nd, it was not the question who is doing GRC, the question was: “is GRC really adding value to your organization’s success?”
Future value of companies are measured by the ability to adapt
We all agreed in the session, that most of today’s organisations are finding their efforts in internal control too costly and more and more only to be for the benefit of external stakeholders. However, we concluded unanimously that the potential benefits to add value with GRC are unlimited by the new digitized world. With social media, mobile devices, cloud computing and big data, change will be constant. Your future value will not be measured only in last year’s financials, but by your ability to adapt your business model to these technology changes in an ever increasing environment of regulatory and social pressure. You need to become the fittest of your industry.
Successful organisations can create competitive advantage through the use of new technologies in both their business models and their internal control system. Through the usage of new continuous monitoring systems over risks, compliance and business performance areas, organisations can provide continuous assurance to their stakeholders through a transparent dialogue and thus create TRUST in the future. Digitization is a huge enabler for creating transparency and for providing TRUST to internal and external stakeholders.
What does a digitized company look like, providing TRUST to her stakeholders?
- REAL insights are shared with the outside world; stakeholders receive assurance not when it is required but at any moment it is desired (voluntary oversight and integrated reporting);
- Company with informed people that make informed decisions; real-time, continuous monitoring is regarded by all to be enhancing business resilience and contributing to performance;
- Control environment maturity is determined on an on-going basis, which forms the basis for continuous improvement actions;
- Disparate activities in governance, risk, compliance and control, including controls testing and remediation, are integrated and automated as much as possible;
- Monitoring is continuous; dashboard information displayed integrates GRC, control monitoring and process mining information and is accessible to relevant stakeholders;
- Material incidents are reduced by virtue of predictive risk and compliance information;
- Risk and compliance information becomes increasingly forward looking and is therefore of genuine value to decision making.
When to act on Continuous Assurance?
- When you are thinking about reducing the cost of your governance, risk and compliance activities;
- Whenever you are questioning if the decision you just made was made on the right basis;
- Whenever you are wondering how all that money spent on risk and control might one day actually contribute to business performance;
- If you are wondering how your internal control framework would measure up against industry common or best practices;
- If you are wondering how to get most out of technology innovations like Software AG’s IBO and/or it’s market leading enterprise GRC platform.
Click here for the second blog out of two about Continuous Assurance.