3 mega trends transforming governance, risk and compliance

5 min read


What three mega-trends are shaping business actions and objectives, and how can they impact GRC professionals’ roles?

In the 15 years since the term governance, risk and compliance (GRC) was coined, a lot has changed. Once managed as separate initiatives, the three processes are more entwined than ever and are playing a prominent role in helping organisations to achieve performance and growth. The business landscape is consistently evolving and businesses are becoming increasingly savvy in order to overcome new sets of risks and challenges.

Of course, with increased risks come opportunities, and organisations are turning to GRC professionals to guide them. Not only are they being called upon to oversee compliance and rein in wild risk-taking, but they are expected to drive the business forward. These professionals are uniquely positioned to help businesses seize more opportunities by empowering them with the risk and regulatory intelligence they need to make better decisions.

See also: Come together – a federated approach to GRC and risk management

In short, it’s an exciting time to be in the GRC space. Here are three mega trends that GRC professionals need to keep in mind in order to continue driving high performance.

Trend #1: Consumers are becoming the ultimate regulators

Increasingly, consumers are setting the standards for companies globally, and they’re doing so with a voice that’s louder than ever, thanks to social media and other digital platforms.

For example, scores of consumers used social media to push the #DeleteUber campaign, which was a result of the company’s response to a protest in New York. Not only did it lose customers in the local area, but the campaign received global coverage leading to lost customers all over the world.

The industry has also seen Gatorade, one of the largest sports beverage brands in the world, removing a controversial ingredient from its products due to a teenager in Mississippi creating an online petition on Change.org. That’s the power of the collective voice of consumers.

Consumers have, at their fingertips, all the information they need to make informed decisions about the companies they interact with. Their loyalties are determined as much by ‘soft’ business metrics such as corporate social responsibility scores, ethics, and trustworthiness, as by the quality of products and services offered.

See also: Five key drivers to integrating a successful GRC platform

For GRC leaders, that means putting customers at the front and centre of their GRC programmes. It also means ensuring that companies are complying not just with regulatory requirements, but also upholding public trust and confidence. It means building a corporate culture where people, right from the top of the organisation to the front lines, understand their risk and compliance responsibilities in the context of the customer.

A large chunk of corporate value today lies in a company’s brand, reputation, and credibility. GRC professionals have the important responsibility of helping to protect these assets, so that companies can drive greater customer loyalty, and outperform the competition.

Trend #2: The power of ‘now’

In this age of Instagram and Snapchat, people are looking for instant gratification – so much so, that if a video doesn’t load in two seconds, it begins to lose viewers right away, according to a study by Akamai Technologies and the University of Massachusetts Amherst. People want value immediately.

To meet this requirement, GRC professionals can deliver instant value to their companies by making processes simple and pervasive through the easy adoption of consumerist technologies. Easy-to-use GRC tools that work on smartphones, tablets, and other smart devices ensures that relevant real-time and actionable intelligence is collected throughout the entire enterprise.

Delivering instant value also means that GRC technology and infrastructure has to be deployed quickly in the cloud. Gone are the days of long deployments, multi-year projects, and extended time to value. Companies are looking for simple, modular, instant GRC deployments that can work straight-out-of-the-box.

See also: The cyber threat landscape is looking more and more dangerous

Reporting is another area where GRC professionals can meet the need for instant value. Boards and stakeholders want to make quick, risk-informed decisions, but they don’t have the time to consume hundreds of pages of reports. GRC teams need to find ways of condensing large volumes of information into intelligent risk insights, and communicating them in as succinct and engaging a manner as possible.

When business leaders have all the information they need in real-time, they will be well-positioned to make faster, better decisions for their business.

Trend #3: The promise of artificial intelligence

Every technology publication, entrepreneur and business leader is talking about Artificial Intelligence (AI). AI is impacting how we live, work and play. It has applications in just about everything, ranging from pizza-making to filtering fake news – it is fundamentally changing the future of work and the future of human productivity.

In terms of GRC, AI means predictive analytics, advanced visualisations, intelligence in the cloud, and risk mind maps that can help companies understand and anticipate their risks better than ever; there’s exploration into correlation engines that combine vast data sets such as internal losses, consumer sentiment, and unemployment rates to forecast business performance; also, new algorithms are helping companies condense large volumes of regulatory compliance information into nuggets of useful and relevant insights.

See also: Are businesses overlooking risks away from cybercrime?

The scope for AI innovation in GRC is incredible, and we’ve only just begun to scratch the surface. Industries are already witnessing the rise of ‘deep learning’ technology that, for example, can detect new malware threats as quickly and accurately as the human eye can identify something substantial and tangible, like a piece of furniture. Soon, businesses will have access to tools that are able to ‘learn’ from employee actions and behaviour in order to automatically discover risk.

Taking stock

This year and beyond, GRC will be about fresh ideas and perspectives, innovating, as well as a high degree of leadership. The business landscape is only getting more competitive, therefore the organisations that are able to take more informed risks, drive firm-wide compliance, and demonstrate better governance will be the ones who lead with enduring value today, and into the future.

Sourced by Gunjan Sinha, executive chairman at MetricStream

This article was originally published by Information Age and can be found here: 3 mega trends transforming governance, risk and compliance


Gunjan Sinha Executive Chairman, MetricStream

Gunjan Sinha, Executive Chairman, MetricStream, helps lead the overall direction and vision of the company. His focus in on building MetricStream into a global GRC leader with strong teams that are excited about new markets, disruptive technologies and social impact.