Gone are the years of simplicity in business operations. Organizations today are evolving into more complex, distributed, and autonomous entities. While this evolution ushers in unprecedented growth and opportunities, it has also introduced challenges in ensuring consistent governance, risk management, and compliance (GRC). The digital age, characterized by its interconnectivity and advanced technological infrastructures, has added further challenges to this while also delivering GRC solutions in complex, distributed, and autonomous environments. Today’s organizations can be a complex array of distributed and autonomous businesses that still need some level of coordination and reporting centrally.
The interconnectedness of risks and compliance requires 360° contextual awareness of integrated GRC within a business and across businesses. Some organizations have an operating model that allows subsidiaries and divisions autonomy but still needs centralized consistency and reporting. Professional service firms also engage diverse organizations in a consistent framework and methodology and look to do benchmarking across clients. Across these various businesses, organizations need to see the intricate relationships of objectives, risks, obligations, commitments, and controls. It requires holistic visibility and intelligence of GRC. The complexity of business necessitates that the organization implements an integrated GRC management strategy, process, and technology/information architecture that can allow distributed and diversified businesses to work autonomously but provide some consistency in management and reporting.
Many organizations also require some level of autonomy within distributed businesses and operations while still providing centralized governance and reporting. This is also a need within professional service firms that manage a portfolio of clients in a GRC context. Organizations facing these challenges should look for technology that enables distributed and autonomous businesses to manage GRC in their context while still providing centralized governance, reporting, and benchmarking. This approach is best referred to as Hub and Spoke™ GRC (note: this is a trademarked term by one vendor in the space, 6clicks, used with permission in this blog). It gives a master entity a framework for overall governance, risk management, and compliance control and engagement across a range of diverse, distributed, and sometimes autonomous entities with specific GRC needs and privacy and isolation requirements.
The use cases for this approach to GRC include:
- Conglomerates/global holding companies/diversified businesses which need to track and manage GRC activities across a range of disparate entities and businesses.
- Private equity portfolios that own a range of companies and need insight into their portfolio companies in a GRC context.
- Franchises (this one has come up a few times in the past few months), which need a consistent framework for GRC management and reporting across franchises.
- Managed services/consulting/professional service firms that have established methodologies and services for GRC-related engagements across their portfolio of clients.
- Insurance companies that must manage their brokers’ compliance (and other GRC activities) where brokers/entities can be profiled and grouped, then managed consistently to meet regulatory obligations.
- College/university campuses that house a range of entities that need to be governed in a consistent GRC context but also allow autonomy and independence.
- Hospital networks comprising a range of complex and diversified businesses that need consistent GRC frameworks applied in different contexts.
As you can see, the various use cases can continue. Many modern organizations are characterized by complex, distributed, and autonomous structures that present unique challenges in ensuring consistent GRC. Addressing these challenges requires a strategic GRC technology architecture that few solutions deliver in the space. Organizations need to be very selective in evaluating solutions that address these scenarios; those that do will ensure their GRC survival and carve out a competitive advantage in today’s highly complex business environment.
Curious about the solutions that can deliver this? Submit an inquiry to GRC 20/20 Research, which covers the range of governance, risk management, and compliance solutions available in the market.