GRC tames business uncertainties
Today we are living in a world full of uncertainties, making governance, risk and compliance (GRC) critical for survival.
So said French Caldwell, chief evangelist at GRC solutions provider MetricStream, in a keynote address at the ITWeb GRC Summit 2015 held at the Forum in Bryanston yesterday.
He likened the uncertainties businesses face today to a road trip. "When driving a car on a road trip, you will never be certain if you will make it from point A to B because of a number of factors," said Caldwell.
However, from a business point of view, GRC tames those uncertainties and enables organisations to manage risks, he urged.
The pace at which globalisation is taking place is one such, said Caldwell.
Consider the threats recently made by the UK to pull out of the European Union; the challenges presented by the Snowden revelations; and the economic problems that Greece is facing. However, our companies still want to do business with global companies.
Faced with the globalisation challenge, Caldwell noted, companies now have to understand the risks involved in all the countries they deal with.
He noted the unpredictability of the global economy also makes business operations uncertain for businesses.
"GRC enables organisations to understand beyond the four walls of their business in the global economy."
Another uncertainty is cyber threats, Caldwell revealed. "Cyber threats present the biggest risk most organisations face today. Ten years ago, such threats did not even make it into the top 10 risks companies faced."
He cited the recent hacking of Sony as an example of how cyber risks have escalated over the years. Furthermore, the rise of the Internet of things will also exacerbate cyber threats, he added.
According to Caldwell, social media is also posing the most critical business uncertainties. As an example, he pointed to Sarah Kavanaugh, a 15-year old Mississippi resident, got over 200 000 signatures of support for an online petition complaining about Pepsi's use of brominated vegetable oil in its Gatorade product line.
The company later removed the controversial ingredient from the sports drink products, thereby demonstrating the power social media now has on business, Caldwell said. "If we are not paying attention to our reputation on social media, we will fail."
Resources are also causing other business uncertainties, Caldwell said, giving the example of the unpredictability the oil industry is facing at the moment.
"No one ever imagined oil prices would ever drop to the current levels, and this has created a lot of challenges for the market. We have to make sure we put in place the right GRC models in order to make key business decisions."
Giving recommendations for a successful GRC programme, Caldwell urged organisations to build their own GRC use cases, and these should not exceed 10.
"Organisations must then prioritise the use case list to align to the phase of the GRC journey that they are in. On the list, they should just focus on the first two to three cases, then match use cases to GRC apps and establish a GRC team with solid project management expertise."
For GRC to be successful, companies must make change management an important part of the project, he concluded.