The events of 2020 highlighted risk management in a way that no other situation could. Organizations were tested from all fronts in many ways, be it internal challenges with migrating to remote work or external challenges such as increased cybersecurity and third-party risk. Not a single business was left unscathed. The most important thing is that we learn from these events. Why is risk culture important? One important lesson we can take away is: we…
After breaking down some common but inaccurate assumptions about GRC tools and technology in Part 2, we’ll conclude with a closely related topic: weighing the costs, benefits, and return on investment, or ROI, for GRC initiatives. GRC Myths About Cost & ROI 8. GRC is a necessary inconvenience. Many organizations have traditionally approached GRC as a reactive process, scrambling to respond when there’s a risk event, audit finding, regulatory change, business disruption, or other…
Part 1 of this series debunked some common misconceptions about GRC program development and maturity. We explored why it’s important to establish a management framework that’s integrated across the enterprise, synchronized through standard processes, and supported by technology that enables digitization and automation. This week, we’ll take a look at concerns related to choosing and implementing GRC solutions. GRC Myths About Tools & Technology 5. All GRC platforms are equal. OCEG, a nonprofit think…
Getting stakeholder agreement on a coordinated approach to governance, risk, and compliance (GRC) management is no easy task. Budget, buy-in, departmental silos, and existing processes and tools (or lack thereof) can all stand in the way of pursuing GRC program maturity. Yet, apart from these challenges, many organizations fail to consider the return on investment from and business benefits of an integrated, technology-enabled GRC program. In this series, we’ll explore some of the most…
The Business Value of ERM Technology for Banks In Part 1 of this series, we explored how banks can build a business value case for enterprise risk management (ERM). For many institutions, extracting that value will be difficult without the digital transformation that a technology-enabled ERM program facilitates. Technology for governance, risk, and compliance (GRC) management has come a long way — from spreadsheets and office software, to cobbled-together solutions that don’t connect across…