

Authored by Shankar Bhaskaran, Managing Director – India, MetricStream
As the world steps up its efforts to stay resilient, businesses are increasingly being held to higher standards of accountability. With an emphasis on ESG reporting, sustainability has become as important a business objective as profitability. Boards and leadership teams are starting to acknowledge the need for better governance, risk, and compliance (GRC) strategies to counter risk and ensure business continuity.
A recent survey by OCEG, a global, non-profit think tank on GRC, revealed that 70% of organizations reported new GRC challenges from having employees working remotely. Moreover, 60% of organizations responded that increased data privacy and cybersecurity regulations drove significant changes to their approach towards GRC.
The events of the past two years have highlighted the need for a rapid response capability to risk. Business leaders have understood that to thrive in the post-Covid world, organizations need an integrated approach towards governance, risk, and compliance that will help them become more resilient, risk-aware, and better-governed enterprises.
The Three Dimensions of Risk
The risk landscape is expanding. Business risks are emerging today from globalization, cyber breaches, health crises like COVID-19, and even climate change. There are three dimensions to the risk universe that C-suite executives should be well-versed in. Understanding risk within these three dimensions will help business leaders successfully navigate the expanding risk universe with an agile and innovative mindset.
The First Dimension – The 4 big risks that every organization faces today
Technology has enabled greater interconnectivity between businesses across the globe. While this has ushered in rapid business growth and prosperity for companies, it has also opened the doors to financial risks. In an interconnected global financial ecosystem, when one company fails, it can trigger a domino effect of financial failures that can bring down several firms, causing a global financial crisis. This was evident in the global crisis of 2008, where seemingly impervious financial corporate giants were instantly obliterated. Protecting itself against these kinds of global, macroeconomic risks is now essential for every organization.
2. Cyber Risks
As companies expand their digital footprint, they become more prone to cyber-attacks. The increasing amount of data from IT security monitoring and performance tools makes them more vulnerable to potential cyber threats. A survey in 2020 showed that Indian companies experienced a 25% jump in cyber threats during the pandemic. It brought to light the cybersecurity challenges companies had to deal with as people started working remotely. Cyber-attacks are now a danger to businesses, with hackers relentlessly focused on gaining access to personal and corporate information. CISOs need to ensure that the right data privacy and security standards are in place.
3. Health Risks
The pandemic brought to the forefront risks associated with human health. The closure of manufacturing plants, restaurants, retail establishments, and other places of business to limit the spread of COVID-19 resulted in unprecedented business interruption and financial losses. Organizations need rapid response mechanisms to mitigate risks and prepare the organization for crises of such scale.
The world is increasingly besieged by hurricanes, floods, wildfires, and many other natural disasters brought on by climate change. These events are also taking an economic toll on businesses around the world. Organizations need to take radical steps to prevent environmental degradation. It has become necessary to put processes in place that can ensure sustainable growth. The Indian government gained global appreciation for announcing the net-zero goals at COP26, which concluded last year. Since then, the government has been taking several steps to reduce the country’s carbon emissions.
As a step towards encouraging sustainable business practices, the government brought in the new environmental, social and governance (ESG) reporting provision for the 1,000 companies that top the list in terms of market capitalization. This is a good move to get more companies to embrace sustainability goals and to reduce their carbon footprints. However, most companies still fall short of meeting the global standards, which makes the public and investors question the credibility of the businesses. What companies need is a robust set of sustainability-related reporting standards to enable investment.
The Second Dimension: Key Stakeholders
The risk landscape is getting increasingly complex, with multiple risk avenues emerging. In such a scenario, organizations need to empower key stakeholders, such as employees, partners, customers, and vendors, to harness frontline intelligence and make real-time, data-driven, risk-aware decisions.
Employees:
Employees are the first and foremost stakeholders of organizations, and they must be closely involved with their organization’s GRC initiatives. A large pharma company, for example, crowdsourced its new code of ethics based on shared ideals and insights from more than 2,500 global employees. The effort was not driven top-down but rather bottom-up.
Third- and fourth-party vendors:
Third parties, such as vendors, suppliers, and customers, are the next key stakeholder group. These partners must be a part of the organization’s GRC strategy. Organizations need to enable a comprehensive process to identify, assess, mitigate, and monitor third-party risks, as well as improve third-party and fourth-party risk visibility with quick, frequent risk assessments.
AI Technology:
The next emerging GRC stakeholders are not humans but AI and bots. Many companies now have thousands of bots and virtual agents to help run their operations. These agents can’t be ignored. Indeed, the next big risk event could be caused by technological malfunction, whether due to malicious design or an accident. AI cannot be left alone as an ungoverned activity.
The Third Dimension: Federation and Flexibility
Organizations built on the foundations of federation and flexibility are more agile. Federation means having a decentralized architecture. Leadership across all the business units and regional groups must be empowered to make critical decisions. Flexibility is the ability of the business to evolve rapidly and adapt to changing environments. This can be achieved if the business is supported by common goals across all functions of the enterprise and technology-enabled metrics.
A connected GRC approach provides a unified view of all three risk dimensions
Business leaders need a comprehensive risk-management platform that can give them a unified view of risk that encompasses all four waves of GRC and every stakeholder—as well as emerging technologies like AI.
An integrated approach to GRC is the key to bringing everything together. When powered by AI, Connected GRC software provides an overarching framework for companies to work within, from compliance to IT security, legal functions, insights, and audits. AI creates a powerful mechanism for companies to best protect themselves from emerging threats. These integrated programs foster collaboration, critical insights, and intelligence gained both from new-age technology and human observations. When utilizing AI correctly, employees can see the bigger picture, connecting the dots through large data sets that were previously overwhelming to manage.
When GRC is viewed as a competitive advantage rather than a checklist item, companies can not only stay in alignment with sustainability processes but also inspire trust and build a positive relationship with customers, investors, and stakeholders, which is an essential part of organizational growth.