What Are Our GRC Experts’ Predictions for 2021?
If 2020 has a lesson for anyone, it is not to make any predictions. That said, predictions do offer people the chance to take stock and sense what the priorities are for the coming months, and where they need to focus their efforts and investments.
Discussing trends and expectations for 2021 with some senior Mitratech executives recently, it was interesting to see how the major issues of 2020 – working from home, the business disruption, the constant change in regulations and policies – are shaping their thinking for 2021.
Talking with customers in 2020, each of them felt that streamlining and automating areas like policy management, Shadow IT management, and vendor risk management had moved up in importance on many corporate agendas.
Henry Umney: Resilience will become part of BAU
Henry Umney, SVP Commercial at Mitratech GRC, commented that, “I think that 2021 will be the year when Operational Resilience becomes part of the BAU for many, especially in Financial Services. We know regulators are confident that institutions are well funded; we also know that a major focus now is non-financial risk. Expectations around being resilient operationally are now sky-high, and demonstrating resilience to regulators is the newest regulatory change for many.”
Henry added, “Informal systems – the spreadsheets and applications end users create to fix and manage business problems, rather than using corporate systems – are a focus for regulators now. They imposed a $400m fine on one institution that did not have the controls in place to manage this Shadow IT environment, potentially compromising its risk management and its resilience. Saying ‘it’s just spreadsheet, it doesn’t matter’ won’t cut it anymore.”
Tony Bethell: Businesses will seek more supply chain cybersecurity
Tony Bethell, SVP Strategic Alliances for Mitratech added that “Henry is right about higher expectations around resilience, and our partners around the world are telling us that companies are looking at how resilient their supply chain is too. Higher expectations, plus the hard lessons of 2020, are encouraging companies to look closely at the systems and processes that the businesses in their supply chain have in place to maintain resilience.”
Tony continued, “A major issue is cybersecurity, as working from home gives hackers more opportunities to find weaknesses they can exploit with phishing attacks and spearfishing. This year, interest in cyber resilience in the supply chain will be significant. Resilience in depth will be important this year too, not just in cyber but also for business continuity management, policy management, staff vetting and more. Suppliers will need to demonstrate they have this under control, even down to 4th and 5th level relationships.”
Mike Williams: Reliance on paper-based processes will (finally) vanish
Mike Williams, CEO MItratech, had a different perspective. “For me, a key lesson for 2020 is that business practices that relied on informal, manual, or paper-based processes will disappear for good. Customers, regulators, and stakeholders will not tolerate them any longer because they are impractical for staff who will blend working from home and from the office, post-pandemic. Customers won’t tolerate poor service; regulators and auditors will expect risk events created by hybrid working to be found and fixed fast. Automation makes hybrid working viable.”
Mike continued, “The really positive dynamic is that many businesses already recognize this, and from the customer meetings I have had this year, they are focusing on how to eliminate these processes once and for all. I have had amazing conversations about streamlining and automating HR processes, hiring processes, policy management processes, risk management processes – the list goes on.
“Company managers know that these manual and paper processes all worked before because their hard-working staff, based in the offices, used their experience and skill to make them work,” he says. “With everyone moving to hybrid working, we will spend 2021 helping them to automate workflow management, policy management, vendor management, Shadow IT management, and more, to maintain essential business processes. I think the emphasis will be on filling in the gaps to solve problems quickly and cost-effectively.”
He concluded, “I take great personal satisfaction from knowing our customers are relying on us to help them overcome the problems of 2020 and move into 2021 on the front foot, raising their game and finding new opportunities.”