<img src="https://d5nxst8fruw4z.cloudfront.net/atrk.gif?account=53pUm1a4KM+2vg" style="display:none" height="1" width="1" alt="" />
TRG in the Board Room Blog

Measuring GRC benefits and the role of software

Posted by Thai Pham on

In the previous 2 entries, we discussed what Governance, Risk and Compliance means and how to effectively deploy a GRC plan. But how do you know you are on the right track and what GRC software tools are available to help you?

Return on Investment

Firstly, like any other business undertaking, a GRC deployment needs to be evaluated in terms of material benefits. To calculate its ROI, you can compare the cost of implementing GRC to:

  • The savings from the reduction of legal fines due to compliance
  • The savings from streamlined financial/operational processes due to improved reporting accuracy and employee productivity
  • The increase in new market revenue due to:
  • Compliance measures helping to expand business
  • Attraction of net new partners and customers
  • Effective risk management enabling aggressive business initiatives/ventures
  • Better business insight from improved reporting and analysis strategies

Performance benchmark

Once knowing your ROI, it is beneficial to benchmark your performance against that of top- performing companies that are proactive in their GRC plan. A study by Aberdeen in 2011 shows that these companies have experienced:

  • A 92% of audit success rate from all audits performed in the past five years
  • An 88% forecast accuracy of actual revenue to budgeted revenue in the past year
  • A 27% growth in new market revenue in the past 12 months
  • An 18% reduction of cost of audits, including fines / penalties / corrective labor in the past two years
  • An 11% reduction in time dedicated to addressing internal reporting errors in the past two years

grc software trg

GRC software

One of the reasons best-in-class organisations can achieve such things is because they establish GRC platforms to promote visibility over risk and compliance activities. This factor is also considered a primary requisite for any GRC technology by a majority of respondents (65%) in a KPMG survey (2012). However, many senior risk and compliance stakeholders in Asia Pacific still do not perceive technology as a key component to deploying and maintaining an effective GRC framework (KPMG, 2013). The reasons could be:

  • Companies do not realise they already have many of the technologies needed to enable a real-time risk and compliance environment
  • There is a lack of clear ownership of GRC processes
  • It is hard to make a compelling business case for GRC software solutions because of the uncertainty in calculating the total cost of compliance

As such, companies need to understand how technology can help with their governance, risk and compliance implementation. A robust enabling technology environment addresses all 3 levels of business processes: operational, tactical and strategic. Some benefits of GRC software are:

  • Policies and standards are applied at the time of business process execution due to a real-time risk, compliance and monitoring environment
  • GRC responsibilities are actively assessed and managed by linking obligations and controls
  • Non-compliance incidents are actively identified, escalated and reported with automatic alerts
  • Accountability is built into the management and reporting of events by creating a closed loop system which ensures that action is taken

Nowadays, companies leverage various types of technology capabilities including:

  • Discrete GRC solutions: targeting specific risk and compliance processes
  • Optimised use of current technology: extending functionality of existing in-house systems
  • “Out-of-the-box” GRC software: handling GRC aspects with varying degrees of effectiveness
  • Real-time risk and compliance environment: investing in discrete and in-house solutions and tie them together using real-time integration technologies

It is generally good practice to aim for a real-time GRC environment, where "policies are actively enforced through cross-system validation of information against predefined business rules" (PwC, 2004).

This is the last post in our series of 3 on GRC. We hope you have found the information useful. Previous articles:

 ***

grc governance risk compliance

Subscribe to our blogs to get great content delivered straight to your inbox!

Topics: Corporate Performance Management CPM, Enterprise Performance Management (EPM), Risk Management, Technology trends

Subscribe to TRG Blog

Follow Us

Subscribe to TRG Blog

Our Editorial Mission

rick yvanovich resized 174

 Rick Yvanovich
 /Founder & CEO/

With TRG International Blogs, it is our mission to be your preferred partner providing solutions that work and we will make sure to guide your business to greatness every day.

Upcoming Events

Posts by Topic

see all