The role of GRC as a means of organisational intelligence
Governance, risk and compliance (GRC) provides organisations with the means to measure and enhance the organisation's performance through actionable intelligence. The ITWeb events team has recruited Head of Department for Financial Systems and Processes at SITA, Maihendra Moodley, to shed some light on GRC as a means of organisational intelligence. He will be speaking at the ITWeb Governance, Risk and Compliance 2018 event in February.
ITWeb: Can you tell us more about the role of GRC as a means of organisational intelligence?
Moodley: GRC provides organisations with a means to define, direct, measure and enhance their performance by providing actionable intelligence into what is practically occurring across the organisation, from a tactical to strategic perspective. By actively embedding GRC into the organisational fabric, it is possible to proactively identify potential strategic or tactical shortcomings which may only be visible when the organisations are monitoring the translation of their performance plans and objectives into practice.
ITWeb: What has brought about the change in GRC from being focused on ensuring implementation and integration as opposed to identifying the strategic intelligence value of GRC?
Moodley: The economic climate has increased the pressure on GRC practitioners to translate the value that GRC adds to the organisation. GRC-related expenditure has often been viewed solely as a cost, as opposed to a value-added means through which better decision-making to reductions in occupational fraud and abuse can be achieved. The challenge with trying to unlock the strategic intelligence value of GRC lies in being able to ensure that the information gained through the GRC processes can be timeously translated, communicated and transformed into effective decision-making which reduces potential losses, promotes organisational agility and improves competitiveness.
ITWeb: How can one demonstrate the practical strategic intelligence value of GRC?
Moodley: Demonstrating the strategic intelligence value of GRC is best achieved through creating a clear value proposition, with specific measurable benefits which are aligned to the organisations' critical deliverables, as opposed to adopting a "cut-and-paste" approach to value measurements. This minimises the strategic intelligence value of GRC being limited to being defined solely by the organisation's practitioners without correlating the value proposition with the needs of the organisation. Essentially, the practical value of the strategic intelligence provided by GRC lies in what the organisations decision-makers see as being value generated. This will vary across the organisation and demonstrating value requires an alignment to the decision-maker's needs.
ITWeb: What top three key points would you like to leave the delegates with from your upcoming presentation?
Moodley: I would like to leave delegates with a better understanding of the value of predictive analytics, a clear indication of why predictive analytics fail and to unravel the self-fulfilling challenge of predictive analytics.