INQUIRY: Among the companies you speak with, which organizational departments (finance, operations, legal, HR, etc.) appear to have the most to gain from GRC automation?
RESPONSE: GRC is about collaboration across these roles – so all have a lot to gain from GRC technology enablement and automation. However, I would state that business operations has the most to gain. The reason is that it is the line of business that suffers most from a wide array of demands to assess, train, and respond to silos of GRC. I have been in numerous organizations that are looking at GRC technology to bring together varied assessment processes for operational risk, business continuity, SOX, IT, compliance and others. The reason is that the business is fighting back – often stating that these silos of GRC are asking them similar questions every week. This week it is a Basel II operational risk assessment, next it is a business continuity assessment, then it is an IT risk assessment, after that it is a SOX 404 assessment, and then compliance is sending something. Business operations wants a single platform to harness information and stop them from responding to similar questions week after week. Further, it is business operations that would desire a common portal into policies and procedures instead of a dozen different internal websites that store policies and procedures for varying functions.