GRC Isn’t Just about the Mitigation of Risk, but about the Preservation of Trust

5 min read


8 Key Takeaways from the GRC Summit 2018 – London

The GRC Summit on Nov 12-13, 2018 provided a forum for business and government leaders from around the world to discuss, debate, and learn about the latest trends and best practices in GRC. Based on the theme “Preserve. Protect. Perform,” the summit featured a range of inspiring keynotes, expert talks, customer success stories, and panel discussions on topical issues such as Brexit, cyber resilience, corporate integrity, and culture.


Key Takeaways

The biggest driver of cyber risk? The emergence of a commodity market in hacking

A decade ago, if you wanted to hack into someone’s system, or even conduct a simple denial of service attack, you had to be reasonably skilled. Today, you can simply buy a tool—or better still, a managed service to do it for you at a very limited cost. This rapid rise of a commodity market in hacking has made it easier than ever for criminals, disgruntled employees, nation states, and other malicious actors to attack organizations and nations where it hurts most.

For more insights, watch this fascinating keynote by Robert Hannigan, Former Director of the UK’s Government Communications Headquarters (GCHQ).

GRC isn’t just about the mitigation of risk but about the preservation of trust

Traditional GRC may have been about policing the organization. But today it’s about empowering the first line of defense to be effective custodians of trust — equipping them with the knowledge and tools they need to take ownership of risks and to do the right thing. The key is to remember the 4 R’s: (1) Respect – Ensure that the three lines are working together towards the same objectives (2) Rapport – Empathize with the needs and challenges of the first line (3) Responsibility – Ensure that the three lines understand what they need to do and how to execute it transparently (4) Reflection – Take the time to step back and evaluate the approach.

To know more, watch this C-suite panel discussion on trust and integrity featuring business leaders from M&G Investment, UBS, and Intelligent Ethics.

Innovation without integrity is like motion without direction

For years, business success has been talked about in terms of the speed of innovation, or how quickly one can notch up billions of dollars in valuation. But in the race to get to the top, many employees report being pressurized to compromise standards. In fact, they often see questionable business practices being rewarded rather than punished. Fortunately, that is beginning to change as organizations come under greater scrutiny—not just from regulators and investors, but also from a larger hyperconnected society with tremendous computing and communication power at its fingertips. In this transparent world, values like integrity, trust, and alignment of profit with purpose will become increasingly critical to business success.

Find out more on what it means to perform with integrity in this keynote by MetricStream CEO, Mikael Hagstroem.

The pace of change will never be as slow as it is today

One of the biggest dilemmas that organizations face is how to keep up with the ever-accelerating pace of change and disruption without being blindsided by the associated risks. How do you enable faster processing of financial transactions without increasing data security vulnerabilities? How do you leverage open banking opportunities without worrying that a third party will misuse sensitive customer information? Agility and resilience hold the key. But achieving these objectives will require collaboration. Organizations, industries, suppliers, customers, public bodies, and governments must find a way to work together towards preparing for and responding to change in a way that benefits everyone.

To learn more about the changes and risks impacting organizations today, watch this panel discussion with risk leaders from Johnson Matthey, Infosys, Santander, and Equifax.

GRC must become a way of life

Employees need to be doing GRC without realizing it – that’s how deeply and intrinsically it must be embedded in corporate culture. While that may be easier said than done, the first step in the right direction is for assurance functions to start speaking the language of the business i.e. instead of talking specifically about risks and controls, focus on how GRC can improve business efficiency and productivity. Look at GRC through the lens of the first line. How will their daily routines be impacted by additional risk responsibilities? Is there a way to make GRC a seamless part of the front line’s daily tasks? These are important questions to consider if organizations want to build a truly risk-aware, well-governed, and compliant culture.

To know more, watch this panel discussion of GRC leaders preceded by a talk on GRC market trends and insights by MetricStream COO, Gaurav Kapoor.

Regardless of the outcome of Brexit, organizations will need to be prepared with a contingency plan

While the future of Britain’s relationship with the EU continues to be shrouded in uncertainty, what is evident is that the repercussions of a hard Brexit will likely be catastrophic unless organizations are prepared to counter these risks. That includes conducting scenario analyses to understand and address potentially adverse outcomes, while developing contingency plans to protect business interests. It also means tackling possible bottlenecks in the physical supply chain, as well as the financing and data supply chains. Yes, all these efforts will require significant investment, but think of them as an insurance policy for your organization.

For more insights, watch the Brexit panel discussion featuring experts from financial services, manufacturing, and the government.

Analytics and deep learning present a $9 trillion to $15 trillion opportunity

Artificial intelligence has finally come of age. However, the challenge now lies in scaling AI initiatives in a way that delivers optimal value. As complex as that might seem, there are best practices that organizations can follow. One is to ensure that the business has a well-defined and well-aligned AI objective and strategy with a clear understanding of where the monetary value lies. Another is to remember that AI isn’t just about technology but also about the right working practices and methods. And the third is to realize that data scientists alone don’t make a successful AI project – it takes a village to do AI well.

For the whole picture, watch this business leadership talk by Nicolaus Henke, Global Leader, Digital and Analytics, McKinsey.

Smart ledgers could be a boon for compliance

While ledgers have been in use for thousands of years, they have never arguably been as much a part of popular discourse as they are today, particularly with the advent of the blockchain and bitcoin. Smart ledgers—essentially multi-organizational databases with a super audit trail—hold significant potential not just for payments, but also for clinical trials, trade, and geostamping. Most importantly, they act as anti-cheating devices. And in that sense, they are exciting for compliance functions who can now use smart ledgers for a variety of purposes, ranging from regulatory reporting, to time-stamping, bench marking of shared data, and even as a “dropbox” for proof of compliance with the Senior Managers Regime.

Learn more about smart ledgers in this insightful keynote by Michael Mainelli, Chairman, Z/Yen.

Explore more videos and insights from the GRC summit here.

Jump to Topic


Read more about the latest happenings in the GRC universe. MetricStream experts share their valuable insights on how organizations can turn risk into a strategic advantage and thrive on risk.