OCEG recently released their 2016 GRC Technology Strategy survey findings and the results contain some interesting observations about current and future state GRC solutions. For those that may not be familiar, OCEG is a nonprofit think tank and community that helps educate and inform members on governance, risk management, and compliance. They provide content, best practices, education, and certifications to drive leadership and business strategy through the application of the OCEG GRC Capability Model and Principled Performance. The survey was designed and analyzed by GRC 20/20, which is headed up by Michael Rasmussen.
This year’s survey consisted of 290 respondents, which were organizations using or considering GRC solutions. Our biggest takeaways from the survey are below.
Organizations responded that the most important factor considered when purchasing new GRC solutions is ease of use. This clearly illustrates that enterprises are fed up with legacy software that is not intuitive and ultimately leads to countless hours of wasted time trying to get things working correctly. Often times, legacy software is rife with custom add-ons that do not fit into the core offering of the tool, over complicating the user interactions.
With an easy to use solution, organizations can focus on their business processes, reporting, and improving their overall GRC regime. The software should be able to be picked up by virtually anyone in a matter of minutes. This means that organizations do not need to send staff through time consuming and expensive training and certification programs or engage an army of consultants to implement the solution. The primary focus of LogicGate is to empower companies to build or easily modify out-of-the-box GRC solutions that intuitive, agile, and easy to use for both administrators and end-users. Pre-configured templates can be selected so that companies can be up and running in days, not months. One of our core philosophies is to create GRC solutions that are intuitive, thereby increasing adoption rates and helping organizations achieve a much quicker ROI than traditional compliance software.
It’s hard to imagine that about half of organizations still use spreadsheets, documents, and emails as their primary solution to perform activities like risk management, compliance management, policy management, and incident management. The lack of a central repository to manage GRC activities results in inadequate reporting capabilities, lost productivity, and opens organizations up to more risks that regulations and internal policies are not being properly followed.
We have detailed in a previous post why it is a bad idea to run your business on excel and the risks involved. The major problems being that there are no formal controls around access, there are multiple version of truth, and data quality is very difficult to maintain.
The LogicGate workflow platform is designed such that different components of an organization’s governance, risk, and compliance program can be added on to the centralized platform as they are needed. Unlike traditional GRC solutions, each module can talk to the other and share data to keep CCOs informed of every part of their business. The rules, logic, and workflow that govern each GRC activity can be modified at any point by a power user.
We call our approach with LogicGate ‘Agile GRC’. This empowers companies to:
You can download the full report from the OCEG website at http://www.oceg.org/auth/resources/2016-grc-technology-strategy-survey-report/
The critical importance of operational resilience in financial services is evidenced by the flurry of guidance from global financial regulators detailing expectations and mandating best…
A well-planned incident response capability can protect your organization from external and internal threats, no matter where work takes place.
Risk Cloud Exchange is an ecosystem that is designed to inspire your risk program in Risk Cloud by giving you that holistic look into the…
