Three Key GRC Themes to Watch Out for in 2021 and Beyond


It’s a wrap! MetricStream has successfully concluded its flagship event, GRC Summit, held virtually on June 7-9.

Now in its ninth year, the summit is the largest and the most awaited event in the GRC space. It brings together risk professionals, C-suite executives, thought leaders, industry experts, and practitioners to discuss the evolving risk and threat landscape, risk management strategies and best practices, and how to build better governed, more risk-aware, compliant, and resilient enterprises that thrive on risk.

I was lucky enough to attend the summit and wanted to share some key themes, thoughts and observations from the event.


A Virtual Meet Up to Share and Learn

It was exciting to experience the summit firsthand. It provides a true platform for organizations worldwide to come together and share their challenges and experiences with Integrated Risk Management and GRC programs.

These conversations not only help organizations share best practices, but also act as a major source of encouragement for those who are contemplating embarking on the GRC journey themselves.

As in previous years, the summit was a resounding success, with 2600+ attendees, 1100+ organizations, 35+ global speakers, and 40+ sessions.

There were multiple threads and themes of discussion – just as risk management and GRC today are interconnected. Discussions ranged from resilience to automation to artificial intelligence to the criticalities of third-party risk and so much more.

Obviously, they’re all critical, but today I want to focus on three themes that I believe have particular importance to the future of GRC.

ESG: A Movement Slowly Gaining Momentum in GRC

It’s hard to go a day without reading about ESG – environmental, social and governance – and the summit was no exception. The risk leaders and experts were unanimous about the growing prominence of environmental and social aspects in the wider governance, risk, and compliance (GRC) framework.

Gunjan Sinha, Executive Chairman of MetricStream, said that the environment, social governance, racial justice, social justice, and other such areas are relatively new to corporations worldwide, and that CEOs and boardrooms are increasingly demanding them as part of their GRC initiatives.

Bruce Dahlgren, Chief Executive Officer of MetricStream, envisioned a future in which businesses will not only be measured on the basis of their profits and financials, but also their carbon footprint, diversity, and other such factors.

  • Climate Risk Among Top Risks

Climate risk has emerged as one of the top risks faced by businesses today as it will potentially affect every sector, organization, and individual. Risk leaders also concurred on bringing sustainability to the forefront of risk management.

Michael Rasmussen, Chief GRC Pundit, GRC 20/20, pointed out that ESG as a concept is not new, and was previously called corporate social responsibility (CSR).

In the past, however, it was perceived to be more of a branding issue and was managed by marketing teams. Today, the narrative is changing, with heightened focus from senior management, board, investors, and other key stakeholders.

“I see a lot of organizations restructuring their GRC programs, their ERM [enterprise risk management] and ORM [operational risk management] programs that are part of GRC, to address environmental, social, and governance, the ESG aspects,” noted Michael Rasmussen. “ESG is becoming something that measures the integrity of an organization and its values and commitments. That’s absolutely critical.”


All Things Cyber

With the growing digital interconnectedness of people, processes, systems, and businesses, cyber risk will continue to dominate the risk strategies of organizations.

  • Aligning Cyber Strategy with Business Goals

It has become critical for organizations to ensure the alignment between cyber strategy and business goals and objectives. This requires CISOs and security leaders to provide frequent updates on the cybersecurity posture to the board so that there is no communication gap.

  • Cyber Risk Quantification and Prioritization

Cyber risk quantification is the latest buzzword in the corporate world. Security experts explained that quantification of cyber risks is critical for prioritizing risks and controls and for determining their monetary value and impact on the business.

  • Global Cooperation

The thought leaders underscored the need to negotiate cybersecurity with major economic players. They called for global cooperation on cybersecurity.

Another key takeaway was that cyber will be a key component of any kind of conflict that happens between states in the future. In case of conflict, disabling the cyber capabilities of adversaries is likely to be a key strategy for countries.

Thrive on Risk

An over-arching theme was the strategic importance of risk. Organizations today are increasingly seeking to move from traditional risk management approaches to building and sustaining resilience.

“Resilience has always been something deep within the human spirit that makes you move on…In my view, the challenge lies somewhere between are we aware of that skill in us and do we know how to nurture that skill,” said Hatem Bennys, Strategic Business Support Chief, UNICEF.

To thrive in today’s fast-paced and volatile business environment, organizations must anticipate risks and turn them into a strategic advantage. Reiterating this theme, James S. Gilmore III, Former U.S. Ambassador to the Organization for Security and Cooperation in Europe (OSCE) and Former Governor of Virginia, expanded on what organizations need to ask themselves:

“The C-suite executives have often had a defensive approach to risk management. What kind of insurance can we do against this? How can we prevent the loss? What can we do to minimize the damage? But what Gunjan and MetricStream, through the summit, are trying to emphasize [is] really something relatively new – and that is not just being defensive, but being proactive, being assertive. What can you do to thrive on risk? What can you do to actually improve your situation?”

Finally, I was also struck by the sense of collaboration, connection, and community: experts helping each other. We’ve all come through a challenging year and a half, and it’s not over yet. Sharing and learning is key – and the summit was a prime example of that.

Moving forward, as organizations adapt, evolve and strive to attain a competitive edge in the market, a key differentiator will be their preparedness to tackle the unknowns and the agility, speed, and resiliency of their recovery. It’s a chance to use risk strategically – and thrive.

Want to see for yourself? To watch the summit videos, click here.

To see how MetricStream can help you navigate today’s changing world of risks, request a demo.

Patricia McParland AVP – Marketing

Pat McParland is AVP of Product Marketing at MetricStream. She is responsible for creating product messaging, product go-to-market plans, and analyzing market trends for MetricStream's cyber compliance and third party risk product lines. Pat has more than 25 years of financial data and technology marketing experience at Fortune 1000 brands as well as startups and has led product and marketing teams at Dow Jones and Dun & Bradstreet. She has a BA from the College of William and Mary and lives in Summit, New Jersey.