October 22, 2017
Governance, risk and compliance has been around for a while now. A canopy term that includes the principal functions of governance, risk management and regulatory compliance; this term has come a long way from its inception in about the early 2000's. On the face of it, it continues to be concerned with its core function of assessing risk management in an organization's activity and overseeing its compliance with regulatory requirements; yet, a few trends are emerging of late, bringing changes in this core area of an organization.
Primarily, GRC is about hemming together the important areas of governance, risk management and regulatory compliance with the performance of the organization. In achieving this, GRC incorporates and coordinates with the various departments that constitute the parts of the organizational engine: regulatory compliance, marketing, finance, HR, governance, risk management, IT, the management board, etc.
While this characteristic is very much unchanged, and is not likely to at any point of time in the future; what we are witnessing now is a set of trends that could bring in major changes into the way GRC is administered. Let us examine some of these:
One of the major trends that is being seen today in many corporate setups is integration. Dispersing GRC into smaller functions made sense to an extent. However, now, with regulations becoming more stringent; organizations are forced to find cost-effective alternatives to GRC implementation in this background. More companies are realizing that taking up regulations in silos could be more time consuming and less effective than integrating core GRC functions. Undoubtedly, finding out inexpensive options is in every organization's interest, given the sky-high cost of noncompliance. Hence, aligning and integrating the areas of GRC to ensure compliance is a major means to stalling regulatory actions.
Can online petitions bring about change into GRC? Yes, if recent actions by online petitioners and action groups are an indication. These groups brought giant companies like Uber and Gatorade on their knees. The realization that the online medium has the puissance to summon and assemble simply anyone, not necessarily physically but online, to force actions from giant companies, has had organization scampering to make regulatory changes into policymaking and the quality of their products.
GRC, when it was first formulated, was seen as something that only organizations with deep pockets, situated in the developed world, could afford and were serious about implementing. Now, however, the trend is for smaller organizations located in growing economies to implement it, as well. We have economies such as those in Latin America, south Asia and Africa becoming more and more committed to implementing GRC.
This, plus the urgent need for adapting higher security into IT system in the wake of the recent cyberattacks has meant that organizations from more and more parts of the world will adapt GRC, bringing about a major growth in this discipline.
How these individual trends will synchronize with each other, and how quickly and consistently these portends will continue remain to be seen. As of now, these pointers show a likeliness of the occurrence of these trends.