Governance, risk management, and compliance — what we refer to collectively as GRC — is the capability to reliably achieve objectives [GOVERNANCE], address uncertainty [RISK MANAGEMENT], and act with integrity [COMPLIANCE]. Over the past twenty years, we have seen technology evolve and mature to assist organizations in achieving this definition of GRC.
This evolution of GRC technology started with engaging the back-office functions of GRC, what we often call the second and third-line of defense. These are the risk, compliance, security, internal control, and audit/assurance departments that manage and monitor areas of GRC day in and day out.
Over the past several years, we have seen GRC technology grow and also spread to engage the front-office of the business, as well as all levels of management. These are the people that own risk and controls and are making risk and compliance decisions throughout the day. When you think about it, GRC is not about the back-office departments of GRC but about the front-office engagement and commitment to GRC. This moved technology into the Agile GRC era that focused on usability and experience to make GRC relevant for the front-office of the business — not just the back-office of traditional GRC functions and roles.
We are now moving into the era of Cognitive GRC. This extends . . .
[THE REST OF THIS ARTICLE CAN BE FOUND ON THE RUBIQ BLOG WHERE GRC 20/20’S MICHAEL RASMUSSEN IS A GUEST AUTHOR]