In the previous 2 entries, we discussed what Governance, Risk and Compliance means and how to effectively deploy a GRC plan. But how do you know you are on the right track and what GRC software tools are available to help you?
Return on Investment
Firstly, like any other business undertaking, a GRC deployment needs to be evaluated in terms of material benefits. To calculate its ROI, you can compare the cost of implementing GRC to:
- The savings from the reduction of legal fines due to compliance
- The savings from streamlined financial/operational processes due to improved reporting accuracy and employee productivity
- The increase in new market revenue due to:
  - Compliance measures helping to expand business
  - Attraction of net new partners and customers
  - Effective risk management enabling aggressive business initiatives/ventures
  - Better business insight from improved reporting and analysis strategies
Performance benchmark
Once you know your ROI, it is beneficial to benchmark your performance against that of top-performing companies that are proactive in their GRC plan. A study by Aberdeen in 2011 shows that these companies have experienced:
- A 92% audit success rate from all audits performed in the past five years
- An 88% forecast accuracy of actual revenue to budgeted revenue in the past year
- A 27% growth in new market revenue in the past 12 months
- An 18% reduction of cost of audits, including fines / penalties / corrective labor in the past two years
- An 11% reduction in time dedicated to addressing internal reporting errors in the past two years
GRC software
One of the reasons best-in-class organisations can achieve such results is that they establish GRC platforms to promote visibility over risk and compliance activities. This factor is also considered a primary requisite for any GRC technology by a majority of respondents (65%) in a KPMG survey (2012). However, many senior risk and compliance stakeholders in Asia Pacific still do not perceive technology as a key component in deploying and maintaining an effective GRC framework (KPMG, 2013). The reasons could be:
- Companies do not realise they already have many of the technologies needed to enable a real-time risk and compliance environment
- There is a lack of clear ownership of GRC processes
- It is hard to make a compelling business case for GRC software solutions because of the uncertainty in calculating the total cost of compliance
As such, companies need to understand how technology can help with their governance, risk and compliance implementation. A robust enabling technology environment addresses all 3 levels of business processes: operational, tactical and strategic. Some benefits of GRC software are:
- Policies and standards are applied at the time of business process execution due to a real-time risk, compliance and monitoring environment
- GRC responsibilities are actively assessed and managed by linking obligations and controls
- Non-compliance incidents are actively identified, escalated and reported with automatic alerts
- Accountability is built into the management and reporting of events by creating a closed loop system which ensures that action is taken
Nowadays, companies leverage various types of technology capabilities including:
- Discrete GRC solutions: targeting specific risk and compliance processes
- Optimised use of current technology: extending functionality of existing in-house systems
- “Out-of-the-box” GRC software: handling GRC aspects with varying degrees of effectiveness
- Real-time risk and compliance environment: investing in discrete and in-house solutions and tying them together using real-time integration technologies
It is generally good practice to aim for a real-time GRC environment, where "policies are actively enforced through cross-system validation of information against predefined business rules" (PwC, 2004).
This is the last post in our series of 3 on GRC. We hope you have found the information useful. Previous articles:
- Governance, Risk and Compliance: Context and definition
- Success factors of a governance, risk and compliance plan