Humans excel at analytics; it is the way our brains are wired. We are constantly taking in information, processing, analyzing, and making decisions. Whether it is crossing a street, reading a book, watching a show, being a spectator or a participant at a sporting event . . . we are constantly analyzing everything around us.
The challenge is that we can be throttled and slowed down in analysis. This is particularly true in a Governance, Risk Management, and Compliance (GRC) context. The official definition of GRC is that it is “a capability to reliably achieve objectives [GOVERNANCE], while addressing uncertainty [RISK MANAGEMENT], and act with integrity [COMPLIANCE].” To achieve GRC means that GRC roles and functions have to take in a massive amount of information, process it, align it in context, and make decisions.
Historically, we have done this manually. A lot of manual information gathering, processing, and reporting. Documents, spreadsheets, and emails were the backbone of this process. I was recently talking to one organization that was spending 200 employee hours building one report on GRC for the board of directors. They were combing through stockpiles of documents, spreadsheets, and emails gathering, calculating, and documenting information. This is not agile in today’s dynamic, distributed, disrupted business environment. We need GRC context quickly and efficiently. We need information to make the organization agile in a dynamic risk environment.
GRC related technologies have provided great benefit in automating . . .
[this is continued as a guest blog written by GRC 20/20 Research on the IsoMetrix Blog]