INQUIRY: In 2009, what will be the least obvious/highest impact business or market trend resulting from GRC automation?
RESPONSE: Tough question – but I am happy to play the prophet. I would have to say it is the use of GRC technology to extend GRC processes to business partners. There are more also areas of GRC technology such as automated controls and business rules engines that will see further growth in 2009. The biggest value I am beginning to see is the extension of policies & procedures, training, and risk & control assessment to an organizations business partners. Highly regulated organizations like life science companies already have to see that certain vendors have communicated and trained vendors/business partners and their respective employees on policies and procedures. Liability and new regulatory requirements is seeing this grow. Further, I am seeing many organizations begin to ask how they can leverage technology they have used for other areas to conduct self-assessments of controls to their business partners. Typical contract language includes right to audit clauses which organizations with hundreds of relationships are not exercising. This is an issue and the way out is the use of technology to push the burden on conducting self-assessments out to business relationships is the answer. I was at an organization yesterday that is a software platform hosted on the web to push assessments of risk and controls out to thousands of business partners for environmental, health and safety, quality, and corporate social responsibility audits. By the way, this is a huge boon to the GRC vendors that are Software as a Service (SaaS)/on-demand platforms as it is the easiest way to give access to policy & procedure communication and training as well as risk & control assessments to thousands of relationships without opening up your network to everyone.