GRC software’s search for consistency

Of all business functions, Governance, Risk and Compliance (GRC) is perhaps the one most expected to be accurate and reliable. However, with several recent reports and our own survey at the MetricStream Summit highlighting consistency as an area to focus on, investment here should be a priority over 2020.

While discrepancies may be the last thing you’d expect from the function attached to compliance, 35% of the surveyed GRC leaders at the MetricStream Summit told us inconsistency across their organization was their biggest challenge with GRC software. It proved a more common concern than people not using the software (30%), processes taking too long (20%) and processes not being completed properly (15%).

Whether as a result of setup or process, an unclear or fragmented GRC platform could create a host of problems, from measuring effectiveness and tracking top-level business objectives to day-to-day issues for legal teams. In short, unreliable use of GRC software could lead to the application creating the kind of situations it’s there to protect against.

In terms of addressing the problem, the GRC system itself clearly has to be of a sufficient standard and provide a uniform experience, but so does the way it is used, managed and measured. Inconsistent usage throughout a business is often a sign that users don’t understand what to do within the software, but could also suggest they don’t know enough about why the software is there and what it can do for them.

Either way, additional communications about applications and guidance on how to use them can go some way to increasing user understanding, especially if it’s delivered within the application itself. Enabling this, as well as evidencing organizational uptake and performance of software, is where a digital adoption solution, like our ADOPT platform, can be invaluable.

While adding these supporting elements to software requires additional investigation and investment, the business outcomes of more consistent, connected GRC platforms are unquestionable. The Known Unknowns 2020 report released by leading GRC software company MetricStream looked at the perils and opportunities facing the space and summed them up as follows.

“The market will continue to reward risk-takers, but to play the high-stakes game, organizations will need to move beyond the siloed, fragmented risk programs of the past.”

And while you may expect this outlook from a software vendor, they are not alone. A central finding of Deloitte’s 2019 survey of risk management states that “organizations with highly integrated risk programs, integrated across the enterprise, are realizing value from risk management. Such organizations typically exceed profitability targets more often and achieve higher growth than those with less integrated programs, which may struggle to realize value and achieve desired outcomes.”

Finally, as part of PwC’s 2019 State of Compliance Study, they identified six habits that lead to more digitally fit risk and compliance functions. One of these behaviors was “Collaborate and align to provide a consolidated view of risks”. And while consistency in commonly shared tools, metrics and data is highlighted as a key outcome of this behavior, an emphasis is also placed on getting, and staying, connected to the wider business.

Between our survey and these findings, the sentiment is clear. While consistent usage is a goal for all software, it’s a real target to aim for in the GRC space. And if that can be reached by investing more in how you support your software, the results more than warrant it.


 

If you want to improve the organizational consistency of your GRC applications, watch our latest GRC webinar on why having software in place is just the beginning. Presented by Andrew Barlow, our Cofounder and VP of Advocacy and Innovation, it’s a 25-minute introduction to digital adoption for the GRC space, sharing how the principle and our ADOPT platform can bring certainty to your GRC software.