The Best Laid Plans of Mice and Men . . .Organizations today are distributed and dynamic. With the globalization of business, organizations find that governance, risk management, and compliance (GRC) has become complex; crossing departments, jurisdictions, geographies, and cultures. The modern organization is a complex web of employees, suppliers, vendors, contractors, consultants, agents, and third parties. At the same time, organizations are constantly changing: business is dynamic. Employees, relationships, regulations, risks, economies, litigation, regulation, and legislation are constantly changing. GRC professionals are challenged to get a big picture point of view of the range of issues being reported across the organization and the management of cases that impact how the organization’s “ability to reliably achieve objectives while addressing uncertainty and acting with integrity.” Issue reporting and case management has become a moving target which needs a structured approach supported by a strong process, information, and technology architecture. Well run organizations, with GRC processes, still have issues, incidents, cases, and investigations. As the poet Robert Burns states, “The best laid plans of mice and men often go awry.” Whether unintentional issues or acts of the malicious miscreant, organizations need to be prepared and have established processes in place to manage issues as they arise in the organization. The typical organization has a variety of departments managing a diverse range of issues, cases, incidents, and investigations. These issues and cases are often managed in silos of documents, spreadsheets, and emails or in home-grown databases and applications. Different departments often have diverse approaches and the organization does not have insight into the range of issues that are happening across operations. Organizations often lack a central repository for case management and the use of home grown solutions has limitations that make the issue management processes inefficient, ineffective, and burdensome to the organization. Issue reporting and case management is often a tactical and fragmented approach with highly diverse approaches taxing the business. Issue management across the organization is often scattered across departments, such as:
- Corporate security
- Customer complaints
- Ethics and compliance
- Fraud and corruption
- Health and safety
- Human resources
- Insurance claims
- IT security
- Physical security
- Third party suppliers and vendors
- Inability to gain a clear view of issue reporting and case management interdependencies
- High cost of consolidating silos of GRC and issue management information
- Difficulty maintaining accurate GRC and issue management information
- Failure to trend across issues, departments, and reporting periods
- Incapability of providing GRC and issue intelligence to support business decisions and strategic planning
- Redundant approaches that limit correlation, comparison, and integration of information
- Lack of agility to respond promptly to changing regulations, laws, and business environment
Dynamic & Distributed Business Compounds the ProblemOrganizations are seeing increased scrutiny and focus on compliance activities from:
- Governments worldwide are increasing their scrutiny of organizations and have become more prescriptive in their regulations and standards.
- Enforcement agencies have grown more sophisticated in assessing “real” versus “paper” ethics and compliance efforts.
- Stakeholders, including investors, activist groups, consumers, business partners, and employees are demanding transparency and accountability.
- Align stakeholder demands for transparency and accountability.
- Leverage emerging technologies to improve efficiency, effectiveness, and agility.
- Enable GRC professionals to better target resources where issues identify the greatest exposure.
Case Management Software
Building a Business Case & Articulating Value to the OrganizationOrganizations often approach issue reporting and case management in manual processes encumbered by documents, spreadsheets, and emails. This taxes and slows down investigation processes, and makes reporting very time consuming and often inaccurate because of scattered information. GRC 20/20 Research has conducted a detailed study of organizations that moved from manual document centric approaches to i-Sight case management. GRC 20/20 found that organizations that utilize purpose built software for case management make their issue reporting and case management processes more efficient, effective, and agile. This results in a quantifiable return on investment. On October 5th, 2-3pm, join presenter Michael Rasmussen as he outlines how case management software can make issue reporting and case management more efficient and agile. In this webinar, organizations will learn how to:
- Avoid the costs of manual document-centric processes in wasted time and resources
- Identify specifics on how software makes issue reporting and case management more efficient, effective, and agile,
- Measure and quantify the value in time and dollars saved with case management software
- Build a business case to justify case management software in your organization
 This is the official definition of GRC as found in the OCEG GRC Capability Model.  For the purpose of this report, the term issues and cases will be used but should be understood to include incidents and investigations.