GRC 2021 Predictions: Being Fully Digital in a Hybrid World
Governance, Risk, and Compliance (GRC) teams started 2020 with a clear picture of what they were going to focus on.
GRC initiatives that were firmly in play typically covered enhancing capabilities around accountability, such as the UK’s Senior Managers and Certification Regime (SMCR) or Australia’s Banking Executive Accountability Regime (BEAR).
Data privacy, based around the EU’s GDPR and the US CCPA and NYPA, also remained significant drivers for projects, alongside enhanced expectations of the resilience of business processes, as well as a continued focus on anti-bribery and corruption, for example.
COVID-19 upset GRC expectations
For businesses globally and their GRC teams, COVID changed many of these plans, as staff began to work from home on a widescale and sustained basis. For GRC managers, key issues became understanding where their workforce was located away from the office and how they worked.
GRC teams focused on ensuring that the office-based systems and processes continued to work as needed, even with homeworking. The critical issues for them, and the business, were maintaining transparency, auditability, and efficiency.
Following the pandemic outbreak, the focus of many GRC efforts in 2020 has shifted to helping digitize many paper-based and manual processes. While business process automation is widespread, the use of error-prone manual processes – both paper-based and electronic – has remained a consistent feature of businesses of all sizes.
While greater automation often features in the 3-year plans of many businesses, COVID has forced them to re-prioritize this effort. Now, they’re replacing manual processes with digital processes, either using informal systems, or fully automating them.
So, what are the predictions for 2021?
There is some excellent news on the horizon, with vaccines moving rapidly toward distribution and with testing continuing on an unprecedented scale.
However, the challenges of working in a COVID-dominated world will remain for organizations in 2021.
Expectations of working practices have changed permanently. Mixed hybrid working will become the norm driven by workers wanting a better work-life balance and governments wanting to reduce congestion and pollution.
I believe this will drive five fundamental changes in 2021:
Paper is NOT coming back
Manual processes cannot work in a hybrid environment, and organizations must continue to focus on digitizing and automating business processes that will allow their staff to work from home and the office into 2021 and beyond.
Trust but verify
The COVID pandemic demonstrated that staff understood their core business processes and could be trusted to adhere to them. But shareholders, auditors, regulators will still need visibility to ensure they can verify the final results. Make it easy for your staff, management, and shareholders by using automation to do the heavy lifting in providing transparency and auditability, so your staff can focus on the customer.
Formalize your informal processes
Everyone made effective use of spreadsheets, email, shared drives, and Dropbox accounts to make everything workable in March and April 2020. The need for management controls, auditability and transparency, will mean these ad-hoc workarounds will need to be replaced with formal applications that meet the revised staff, management, and stakeholders’ needs.
Make changing easy, make changing quick
One benefit of working from home is that management now has much better visibility of these informal processes and where the gaps are in managing them. However you address these issues, for the benefit of your staff, management and regulators, use quick-to-implement and easy-to-use tools to fix the gaps you now know you have.
Ensure your supply chain is following your lead
Your supply chain will face similar challenges to you. Apply the same transparency and auditability to them to make sure they remain in lockstep with you and the direction of your business.
A bonus prediction: Know what your regulator now needs
Regulators and auditors have not lessened their scrutiny in 2020, although they are sympathetic to the challenges everyone has faced. They will expect businesses to raise their game so that the standards they require for transparency and auditability are maintained in a hybrid working environment.
So what options do you have?
Time, resource, and budget constraints are pushing businesses to augment their existing GRC systems by leveraging solutions that address specific issues. There is less enthusiasm for replacing manual and semi-automated processes wholesale with large enterprise applications.
In order to be successful in 2021, organizations need GRC software that will allow them to control their risk and compliance profile, while also supporting their widely distributed workforces. A combination of effective policy definition, automated policy enforcement – using an EUC management platform – and automated reporting will help raise the game of any organization.