What does “Agile GRC” Mean to Risk Management?
When you want to learn something new about your industry and profession, who do you turn to? For experienced members of the GRC community and newcomers to the world of risk and compliance, you can start with Michael Rasmussen and Tom Fox.
In a recent edition of Rasmussen’s email newsletter, an idea caught our eye that we wanted to spotlight: the rising importance of user experience (UX) in GRC software and how design and functionality intersects with the value your team, stakeholders and customers can derive from it. These attributes are foundational to what he’s calling “GRC 4.0” – but whatever name you use to describe the current state of risk and compliance software, the core pillar that defines it is agility.
According to Rasmussen, the concept of “agile GRC” is “the capability to engage the entire organization on GRC and do so at a much lower cost of ownership of technology than we had in the past.”
“Agile GRC is about the front office of the organization as much as it is about the back office GRC functions in the business. Frontline employees are making risk, compliance, and control decisions that impact organization strategy, objectives, and performance every day. Agile GRC is focused on bringing technology and engagement on GRC to the front office as well as the back office,” Rasmussen states.
The fundamentals of this concept are simplicity and usability, which we already experience, knowingly or unknowingly, at the heart of most technologies we use every day. Many of our expectations for enterprise technology and software are shaped by personal consumer devices and interfaces. Over time, these best practices become adopted within business-centric solutions.
Rasmussen identified the key factors that define an agile GRC solution and differentiate it from previous iterations of the software and technology that have been used to manage risk and compliance with varying degrees of success over the past two decades.
- Usability (a modern user experience)
- Cost of ownership (monetary and time-base value)
- Configurability (flexibility for users)
- Scalability and adaptability (grows with the business)
- Integrations (works with APIs and cross-functional data/tech)
- Analytics (reporting and dashboards)
- Automation and future-proofing (a roadmap for AI adoption)
Rasmussen isn’t the only industry analyst to consider the opportunity of an agile concept in risk and compliance technology. Earlier this year, Tom Fox discussed “The Round Table and Agile Compliance” in the context of the legend of King Arthur and an HBR article about the agile C-suite.
“The function of an agile team is to create profitable, innovative solutions to problems – come up with a new service, devise a better business process, or develop an advanced technology to support new offerings. Yet it is done with input from the customer or end user. In every company the end users or customers are the employees. The advantage that agile brings is that it forces the compliance function to test its new product or service with a part of its customer base,” Fox writes. “What an agile solution brings most readily to compliance is continuous feedback.”
As SAI Global continues to evolve and build new risk and compliance solutions on our own SAI360 platform for organizations worldwide, we’re thankful to Rasmussen and Fox for identifying an opportunity like agile GRC that we can aspire to achieve and exceed. We’ve been in the GRC business for many years and still wake up excited by the possibilities of what we can do to support customers. Stay tuned for updates from our team in 2021 to see what we’ve been working on.