GRC Summit 2022: 5 Key GRC Predictions for 2023

Introduction

Blink and you’ve missed it. The MetricStream GRC Summit 2022 is over…and we’re still buzzing from the experience. This 2022 Summit was the 10-year anniversary of bringing together the GRC community. With 200+ risk, compliance, audit, and IT and cyber risk professionals from across the world participating in 40+ sessions, the event was a highlight for the GRC space. 

Themed ‘Experience the Power of Connection’, the summit succeeded in bringing people together after two years of Covid disruptions to network, share experiences, learnings, and best practices among peers. We saw key topics such as Enterprise GRC, Integrated Risk Management, Operational Resilience, Regulatory Compliance, IT Risk, Cyber Risk, Security Risk, Third-Party Risk, and ESG discussed and debated.

I’ve wrapped up the top sessions and key themes below. Have a read and watch the videos as we get ready to welcome you at the next GRC Summit in the US!   

GRC Journey Awards

We continued to celebrate the success of our customers with the GRC Journey Awards. The awards recognized our customers and partners - individuals and teams - who are leading their organizations’ GRC journey, championing GRC programs, and achieving superior business performance and high-value impact through GRC.  

• GRC Program Excellence Awards: Nordea, London Stock Exchange Group, and Shell won GRC Program Excellence Awards for their clear, connected GRC vision, which facilitates collaboration across multiple lines of defense and a high focus on innovation. They have also displayed how their program makes a significant impact on their business and are active in addressing emerging issues in GRC.
• GRC Journey Awards: Thomson Reuters won the GRC Journey Awards as they have made exceptional progress along their GRC Journey, and achieved an integrated, high-value, and sustainable GRC program.
• GRC Visionary Awards: Robert Taylor, Head of Enterprise Risk, LSEG (London Stock Exchange Group), Adam Ennamli, Vice President Risk Management, Thomson Reuters, Simon Wallis, Head of Operational Risk, M&G, Neil Wilson, Director of Risk and Investment, Wessex Water, Jane Knight, Executive Director Risk Change, Group Compliance, Regulatory & Governance (GCRG) UBS won the GRC Visionary Awards for the passion for GRC, a strong vision for their organization’s GRC Journey, and the perseverance to see it through. They are the driving force behind the GRC programs in their organizations, inspiring their teams to achieve a common goal. They also give back to the industry by sharing their experiences and best practices.
• GRC Practice Leader Awards: Sarah Harman, Leader ERMF & Risk Systems- Nationwide Building Society, Richard Rengasamy, Director, Thomson Reuters, Vivek Singh, Risk Systems Director, LSEG (London Stock Exchange Group) won GRC Practice Leader Awards for their passion and drive in the adoption of GRC programs across their organizations. Backed by deep expertise in GRC, these leaders understand their organization’s GRC vision, and lead its implementation.

Listen to this year’s winners describe their GRC journey here.  

Customer Advisory Councils 

During the summit, we also hosted Customer Advisory Council (CAC) meetings. The council members—CROs, Heads of Risk, Senior Risk and Technology professionals, Chief Security Officers, and Heads of Cyber Risk—provided inputs in terms of where the market is headed, their priorities, and what they would like to see in the product. The discussions helped create an initial ‘market standard’ framework and an automation architecture that will serve as an excellent reference point for organizations.

5 Key Trends for 2023

1. Manage Interconnected Risks by Building Operational Resilience  

Gaurav Kapoor, Co-CEO, Co-Founder, MetricStream, Jacob Holmehave, Head of Group Risk Office, Nordea, Gavin A. Grounds, Senior Director Governance, Risk and Compliance, Meta, and Xavier Barde, Group Chief Risk Officer, Pictet, discussed the criticality of managing interconnected risks and regulations in a rapidly evolving macro landscape.  

The importance of adopting an integrated and connected risk management approach to manage both current and emerging risks can’t be stressed enough. To build resilience, organizations will need to take important steps such as proactively practicing risk management utilizing horizon scanning, amplifying the focus on not just risks but other aspects of GRC as well, actively reducing the likelihood of risks occurring, ensuring a consolidated process view, moving ahead with risk quantification although there is currently no market-adopted standard, and ensuring that the right data sets are available for coherence in risk management.

Learn more by watching this session: Connecting the Dots: Managing Interconnected Risks and Regulations in a Rapidly Evolving Macro Landscape

2. Blend Technology and People Together for Optimal GRC Efficiency 

Jacqui McDonald, Managing Director – CIO Group Finance, RFT Technology, Barclays, Roshan Shetty, Chief Revenue Officer, Sonata Software, David Ward, Corporate Functions Technology Director, CITO, M&G Plc, Joy Bhowmick, Head of Research and Development, MetricStream discussed the role in utilizing technology the right way to accelerate GRC programs.

It’s clear that enterprises need to look at GRC holistically not in isolation. Technology can and will evolve processes, but it’s also important to get alignment across the business to support GRC programs. Looking beyond the management of tasks we’re seeing that regulation and society require both human and technological risks to be brought together into one view. They do not sit alone. Data drives quality decisions and organizations are wanting to have more data-driven risk management.

Gain deeper insights into the topic by watching this session: Utilizing Technology the Right Way to Accelerate Your GRC Program

3. You Cannot Spend Your Way Out of Cyber Risk   

Joseph Martinez, Chief Security Officer, Aon, addressed the challenge of how to keep up with the constantly evolving enterprise and cyber risk environment and how the management of controls should not only be efficient but also effective. He also discussed in detail on the best practices and standards that will organisations to look at GRC and cyber risk holistically ensuring that their processes are effective.

Hear more on how Aon successfully manages their enterprise and cyber risk: Best Practices for Modernizing Enterprise and Cyber Risk Management

4. Advancements in AI and Automation Enable GRC Professionals to Work Smarter, Not Harder 

Prasad Sabbineni, Co-CEO, MetricStream, along with Joy Bhowmick, Head of Research and Development, MetricStream and Raghuram Srinivas, SVP Product Management, MS Innovations, MetricStream, spoke in length on how technologies such as AI, ML, and natural language processing (NLP) are transforming the efficiency of GRC processes by simplifying the management of massive volumes of data and expediting decision-making. They also discussed the importance of establishing a positive risk-aware culture and how the right technology can equip the three lines to establish a common language while achieving transparency on the risk and controls.  

Learn more by watching this session: Grow, Disrupt and Collaborate with MetricStream Euphrates

5. The Time to Start Your GRC Journey is Now!

Start with what you DO know, improve based on what you COULD know, and aspire to what you SHOULD know, was the top takeaway from the session conducted by Gavin A. Grounds, Senior Director. Governance, Risk & Compliance, Meta.

If you take anything from this blog at all – let it be this: The importance is to start. Start monitoring your controls, start quantifying what you can – you need to move beyond the objective of merely reducing risk. While your approach may not be perfect the first time, taking the step towards thriving on risk is important. Start where you’re at, get the foundation right, then use the tools you have to move forward and keep improving.

Discover more on this subject: Incorporating Risk Quantification, AI and Automation into Your CyberGRC Strategy

Interested to Know More?    

You can watch the rest of the summit videos here. 

You can also request a demo to gain greater insight into how your organization can leverage risk-informed decisions to accelerate business performance.