The vision for GRC technology

“There’s never just one cockroach in the kitchen when you start looking around.”

With that picturesque quote, billionaire investor Warren Buffet summarised his risk management philosophy in 2017 when asked about the Wells Fargo fake accounts scandal.

Times have changed, but also not so much. After weathering a pandemic, wars and economic recession, leaders would do well to take the imagery of scuttling and ever-multiplying risk to heart, as their roles in overseeing and managing risk shift with the times.

Risks to financial performance, technology and political situations remain constant, but these are now joined by evolving threats such as cyberattacks, crypto and climate change. Directors now need to cover broader ground as boards increasingly focus on risk management as a means of driving performance. The latter is doubly important when organisations find themselves in a crisis situation, which seems to occur more frequently.

Dynamic environments translate to an increased need for constant, rapid and concise information-sharing between management and other areas of the business to aid in quick decision-making.

More data seems to be the answer, yet paradoxically we are in what scientists are calling the “Notitian Age” – drowning in data but thirsty for understanding. In the business context, leaders know the ever- evolving deluge of data is meaningless if they cannot interpret it. To equip leaders for the future, technology must bridge the gap between seeing the data and understanding what it is saying, to ultimately arrive at actionable insights.

Governance, risk and compliance (GRC) has evolved into another means for organisations to manage performance. It has become the third leg of the stool, along with customer relationship management (CRM) platforms and enterprise resource planning (ERP) software. While CRM drives sales growth and ERP helps organisations understand costs and plan their finances, GRC addresses the non-financial aspects that have a material impact on leaders’ ability to focus on performance.

GRC technology encompasses a wide spectrum, including board tools. In the past, board preparation involved manual collating, printing, ink-signing, in- person meetings, physical archiving and handwritten note-taking. Now, board technology enables executive teams to digitally collaborate in real time, and get feedback and approvals within the same system. Not only does this cut down on prep time and costs, but it enhances overall good governance practices and cyber security controls.

As great as this is, it is only the tip of the iceberg when it comes to GRC technology.

Diligent, for example, is building a fully connected GRC landscape, where every team’s tool – from board portals to internal audit, risk compliance and even ESG – can securely and contextually “speak” to each other; fuelling real-time insights powered by the organisation’s data that would otherwise be housed in disparate and disconnected places.

The solution, Diligent One, centralises the GRC practice into one platform – unifying data from across the business and enabling benchmarking against powerful third-party proprietary intelligence. It allows risk, audit, compliance and ESG teams to engage technology that powers their own activities, while providing a simple, secure and one-click solution to disseminate insights to the board – without ever leaving the platform.

Boards and executives can connect the dots, view a unified perspective on risks and make informed decisions that drive their business forward. Risk, compliance, audit and sustainability teams can achieve more with fewer resources, especially the scarcest resource of all: time.

GRC technology is also going to be significantly impacted by artificial intelligence. With AI, users could engage a conversational tone to ask the system to run a task, predict or identify emerging trends in a particular industry, model possible scenarios and even automate manual tasks such as capturing meeting minutes.

Some GRC organisations are already harnessing the power of AI across their solutions. Rather than poring through reams of ESG disclosure documents and reports, Diligent’s latest ESG benchmarking capability uses AI to analyse available data to create heat maps and allow organisations to score themselves against their peers.

But with opportunity comes risk. The concern with AI centres on the security and propriety of data. The future of GRC means pursuing powerful insights and ease of use without removing important checks and balances. Organisations need more control over their data, not less. AI in GRC technology needs be governed by the same principles in which we operate today: to make the leader’s experience as efficient, intuitive, easy and ethical as possible.

It is understandable that boards are concerned about their ethics and responsibility duties in this area. It is key for directors to be able to understand the compliance implications of their future decisions to make wise choices before rushing to add AI to their GRC tech kit.

Leaders who want to explore the AI landscape can gain benefit from certification programs which help identify opportunities and navigate effective risk management strategies around AI adoption.

Just 23 years ago, humanity held its breath wondering if the Y2K bug would bring about the collapse of technology. Today, we are wondering the same thing about AI. Where will we be in another 23 years?

With the intersection of business and innovation, there is limitless potential for unprecedented efficiencies, disruptive business models, and with that, ethical considerations. Digital transformation will play a major role in not only the continued viability of enterprises but also their role in shaping a responsible, technologically advanced future.

Where will your organisation be? How efficient is your leadership in seeing and managing potential risk? Are they making the connection between governance, market expectations and performance? Discover how GRC technology can positively impact your organisation.