
The driving force behind GRC today is risk management - compliance is a thing of the past

Compliance is no longer the main driving force behind Governance, Risk and Compliance (GRC). In a study by MetricStream, 70% of respondents said they use GRC primarily for risk management. In this post, MetricStream discusses the reasons for the increasing focus on risk management and how companies can use technology to create a lean and transparent GRC infrastructure. This post originally appeared on the MetricStream blog and is being republished here with permission.

The Enron bankruptcy is undoubtedly one of the largest accounting fraud cases ever uncovered, not only in the US but also worldwide. The Enron scandal also reveals a fact that is often clearly recognized, but ignored: a well-written code of conduct or an equally well-written compliance manual is by no means an effective compliance program. Enron had a convincing code of conduct - at least on paper. But even this could not prevent the collapse of the energy company.

Modern CIOs finally have to face reality. If you believe that governance, risk, and compliance (GRC) is a priority for the CIO today, you should reconsider. GRC is growing and evolving. Fast. Very fast. While today's CIOs understand the importance of GRC, the arguments for investing in GRC have shifted from compliance to risk management. Compliance is now seen as a "given".

In a recent survey by MetricStream, 70% of respondents said they use GRC to optimize their company's risk management. Other factors such as cybersecurity, the compliance of partner companies and compliance with laws and regulations are clearly still among the most important drivers, but are now only second behind risk management.

What is risk management and what makes it so difficult? In the Financial Times Lexicon, risk management is defined as follows: “The process of identifying, quantifying and managing the risks a company faces. The future results of any entrepreneurial activity are uncertain and must therefore be viewed as fraught with risk.”

Various factors make risk management difficult. However, mobility is currently the factor with the greatest impact on a company's risk quotient. Mobility is no longer just about tablets and smartphones. Today even the data itself is mobile. The CIO of a major bank said in a recent interview with MetricStream: “I have 3,000 apps in the cloud.” That means: data is everywhere and also extremely mobile.

In order to enable a nationwide introduction, MetricStream, the market leader in GRC apps, is working on a comprehensive GRC solution that also simplifies GRC processes. With a fully unified and comprehensive GRC technology, companies can build a centralized and transparent GRC ecosystem. This can promote a company-wide culture with a high level of awareness and clear responsibility for GRC, in which each employee and functional area can independently control their risks and compliance tasks, while at the same time data is consolidated company-wide and made available in a higher-level GRC summary. As part of its overarching GRC strategy, MetricStream offers GRC functions that are integrated into the customer's apps in advance.

The simplification of all GRC processes is a central concern of MetricStream. "We want to ensure that our customers' GRC needs are seamlessly met and integrated with their existing Salesforce or ERP solutions," said French Caldwell, chief evangelist at MetricStream.

A look into the future: To establish GRC as a completely pervasive and all-encompassing solution, technologies such as advanced analysis and monitoring functions are required that offer seamless availability of risk data and regulatory intelligence.

About the author

Peter is the sales director in Germany.