The dynamic and global nature of business is challenging organizations to effectively and efficiently implement processes for governance, risk management, and compliance (GRC). As organizations expand operations, processes, locations, and business relationships (e.g., vendors, supply chain, outsourcers, service providers, consultants and staffing) their risk profile grows exponentially. Organizations need to stay on top of their game by conducting GRC audits and assessments (for both risk and compliance) as needed. This means having the ability to conduct regular/periodic assessments; but also be ready to conduct an assessment as business changes and issues arise.
Greater scrutiny of organizational processes, increased regulation, exposure to significant liability, and demand for shareholders to ensure the organization is properly managed has caused the number and variety of GRC related assessments to grow exponentially. Organizations are scrambling to complete risk and compliance audits and assessments across the business and its operations. GRC roles are limited in their resources to complete assessments and need to focus on efficiency as well as effectiveness. When an organization approaches this in a document-centric (e.g., spreadsheets, word processor documents) approach, assessments fails to actively manage risk in a timely and efficient manner. Information is trapped in documents that are out of sync, have no audit trail, and require a significant amount of time to consolidate and report.
It is not just the number and variety of assessments that burden the organization – but also the diversity. Organizations are conducting regular audits and assessments across the business and its relationships, often bringing the assessors/auditors to remote areas of the business and the world.
Success in today’s dynamic business requires organizations to integrate, build, and support GRC processes that are efficient, effective and agile. This requires that organizations engage technologies that deliver on this. Mobile technology has begun to permeate the enterprise – and is now providing benefits to the world of GRC. Organizations are beginning to look towards mobility for GRC processes such as policy communication, training, attestation, issue reporting, investigations, assessments, and audits. The goal is to make GRC processes more efficient, effective, and agile to the needs of the business.
Mobile GRC for audit and assessment purposes gives the organization flexibility in deploying GRC professionals to conduct assessments. A mobile audit and assessment platform allows for low hardware costs and the ease of conducting assessments in diverse environments.
Mobile devices provide for ready and easy access for assessment personnel to enter information, capture audio interviews, and use without having to find a desk or enter information in awkward locations. The auditor/assessor is able to walk through locations, enter information, and capture evidence without having to sit down and boot up a laptop or scribble notes on a paper/document. Simple drop-down lists can be used for accurate, consistent and efficient information capture. Organizations can leverage the hardware capabilities of mobile devices to use integrated cameras to capture evidence of issues, non-compliant situations, or other evidence collected during assessments. Pictures supporting evidence and findings do not have to be manually processed and imported into the system as they can be directly taken through a tablets camera as part of the application. When conducting interviews, a tablet is less intrusive and provides an environment of greater interaction without being hidden behind a laptop.
CAUTION: not all mobile apps are created equal. In fact, many GRC technology providers advertise mobility and what they mean is that their app may work in a mobile web browser. This may not be the right fit for the organization. The interface itself might be difficult to operate in a mobile browser – and it also requires online access. A true native app allows for greater design and control over the interface, the ability to integrate with the hardware such as cameras and microphones to capture evidence and findings, and allows for offline access if designed correctly. Many audits and assessments are being conducted in location where wireless and cellular access cannot be guaranteed – a true mobile app is most often the best fit for an organization.
The growing demand for GRC assessments and audits requires that organizations be agile in how they are conducted. The use of mobile audit and assessment platforms is a particular way to achieve greater levels of assessment agility, effectiveness, and efficiency.