Applying Technology to GRC — The Big Picture

Governance, risk management, and compliance (GRC) technology can provide big benefits to your organization. What can you expect and where do you start?
Governance, risk management, and compliance (GRC) technology can provide big benefits to your organization. What can you expect and where do you start?
Dan Zitting shares his perspectives in the video interview “Applying Technology to GRC — The Big Picture.” As VP of Product Management and Design at ACL Services, Dan has many experiences to draw from.
GRC Technology Benefits
What is the purpose of GRC technology? Dan explains it allows organizations to understand, manage, and find risk. The right GRC technology empowers organizations to discover ways of turning risk into opportunities. A GRC solution should focus on the “risk achieving objectives” of the whole organization.
As Dan puts it, “In integrated GRC there’s lots of pockets of risk management going on in companies. And there’s a big opportunity to deliver a lot of new value through effective risk management in turn enabling better risk taking by organizations.”
The magic happens when you have Data-Driven GRC. “Most companies (even those with mature GRC processes today) tend to do the risk-control-process stuff in one tool and analytics or BI in a separate silo. Every time we’re looking for the answer to a question in data with BI or analytics tools it’s usually a question about a particular risk, control or performance objective. If we can (from both a technology standpoint and a methodology standpoint) integrate those two activities into a single consolidated system it’ll make data come to life because you’ll be looking at it in the context of risk and in the context of the business.”
Where to Start
Dan says you should consider the following questions when planning a GRC technology implementation:
- What are the business objectives you’re trying to achieve?
- What are the risks to those objectives?
- What controls need to be in place to measure those risks?
- How do you evaluate and assess those controls?
- How is each functional area affected?
- What data sources can you use to evaluate risks and controls in new ways?
Dan warns anyone planning a GRC technology solution to find a balance between system requirements and conventional processes. “There’s a balance — convention over complexity. Fundamental workflow solves 80% of problem; that’s a great way to start. Rather than change the technology, can I change how I look at the problem to fit into the convention?”
Learn More: Watch OCEG Tech Talks
Dan’s enthusiasm is wonderful and he covers many more topics including:
- Implications of the line-of-defense model
- Use of technology to detect financial inefficiencies, waste and policy abuse
- Challenges of global GRC
- Technology solutions in large organizations versus small organizations
- Influence of human behavior on GRC
Stay informed and watch these 24 short videos.
“Applying Technology to GRC — The Big Picture,” is part of OCEG’s Tech Talk Series. The online videos explore GRC technology through interview with solution experts. Visit the full series listing for more information.