What is GRC?
You’re tired of using spreadsheets for compliance and exhausted by all the emails. You’re run down from managing your company’s ERM (enterprise risk management) program with duct tape and chewing gum. Well, not exactly those tools, but that’s what it feels like, right?
You may have heard of GRC platforms and wondered whether one could help your world of manual processes and fragmented systems. That led you to launch your Internet browser and land here. Welcome! We’re here to help you gear up for a GRC platform and integrated risk management.
Gear up for a GRC platform
OCEG is the nonprofit think tank that coined the acronym GRC, which stands for governance, risk, and compliance. GRC is a coordinated strategy for corporate governance, enterprise-wide risk management, and compliance with regulatory and industry requirements.
GRC platforms gained prominence in the early days of Sarbanes-Oxley, a law enacted in 2002 to address corporate wrongdoing and help protect investors and the general public. In reality, while not calling it GRC, companies had been implementing GRC strategies for years to improve quality processes, assess and manage risks and control activities, and comply with environmental, safety, and other regulations.
Default setting: spreadsheets
Organizations love their spreadsheets. A spreadsheet is an excellent tool for building formulas and crunching numbers. There’s just one problem. Tasks associated with GRC involve multiple people and departments inside and outside the organization. Consider a company that has 1,000 vendors and needs to issue a risk assessment to each of them every year. That’s a nightmare scenario if your project plan calls for tracking the questionnaires, responses, and follow-ups in spreadsheets and email.
By all means, use spreadsheets for what they excel at. For matters involving governance, risk, and compliance, you need a more powerful tool.
What a GRC platform can do
GRC platforms designed to help you manage compliance and risk have come a long way in recent years. First-generation GRC platforms provided advantages over spreadsheets, but they were difficult to implement and cumbersome to use.
Today’s GRC platforms are flexible, scalable, and cloud-based, empowering companies to not only manage compliance but also integrate risk management programs in the Digital Age.
The risk-filled world of business
Business is always evolving, which creates new risks. Suppliers and vendors are spread across the world and networks connect everyone, and together these trends have created two major risks for business: third-party risk and cyber risk. A company has to manage these risks or face the consequences: data loss, fines, lost customers, emergency board meetings, a serious financial blow.
The risks keep coming. The one everyone is talking about these days is privacy, specifically the GDPR, the EU regulation on data protection and data subject rights that takes effect in May 2018. At first blush, it looks like more red tape for business. However, this privacy regulation actually builds on existing EU privacy law. If you process the personal data of employees or customers located in the EU, their data and their rights over that data are protected by GDPR, whether or not your company is based there. Privacy regulation is spreading like wildfire across the globe, with other countries having passed or considering privacy legislation. As the business world evolves and adopts new business strategies and technology like AI, we can expect risks to continue to grow and evolve.
Our point is that you can’t eliminate risk. You can, however, manage risk with the right GRC platform. Companies with a high degree of GRC maturity move from being risk-averse to optimizing risk in a way that creates a competitive advantage.
But which GRC platform is right for your company? Glad you asked.
GRC Buyer’s Guide
In response to the need for GRC platform guidance, we created the GRC Buyer’s Guide. It’s filled with tips and guidance on what to look for in a GRC platform and how to better assess your compliance and risk management needs. Your world is tough enough trying to manage GRC with spreadsheets. Don’t make it worse by buying the wrong platform.
Go here to download our GRC Buyer’s Guide.