Achieving Integrated GRC in an Interconnected Digital Age

Thomson Reuters recently commissioned Celent to conduct independent market research on integrated Governance, Risk and Compliance (GRC). The findings have been published in the report titled “Achieving Integrated GRC in an Interconnected Digital Age.”

According to the report, key factors impacting risk and compliance executives include the need for, and expectation of, real benefits from digital technologies such as big data, artificial intelligence (AI) and machine learning, as well as distributed ledger technology (blockchain), to bring measurable increases in efficiency to risk management operations. At the same time, many firms are facing challenges in moving toward the future. At a fundamental level, the report indicates that risk operations are having difficulty developing agile capabilities and continue to be hampered by inflexible technology.

Thomson Reuters commissioned the independent survey to better understand the impact of these challenges and opportunities, as risk and compliance executives increasingly face intense, enterprise-wide regulatory scrutiny around strong governance and sound internal controls. Celent undertook in-depth interviews with approximately 30 Tier 1 financial institutions across North America, Western Europe and parts of developed Asia. Most of these were structurally significant financial institutions with assets exceeding US $100 billion. Key findings of the survey include a strategic wish-list of requirements for a fit-for-purpose, integrated risk ecosystem. These requirements fall into five key areas:

· Information & data congruence: Applications employed to capture and report information for various risk assessments and controls management activities, such as risk control self-assessments (RCSAs), key risk indicators (KRIs), risk appetite parameters and loss events. These should be connected, aligned and congruent with a firm’s taxonomy and framework.

· Adaptability: Flexible, business-user centric capabilities to respond to evolving requirements, without the need for protracted cycles of IT development, coding and testing.

· Rich visualization, usability and collaboration: Next-generation platforms should possess the ability to quickly analyse, chart and exchange operational and risk-related insights based on modern and intuitive user interfaces.

· Dynamic, event-centric and timely: Ability to support multiple modes of operation, including triggering by events and operating in near-real time to monitor and report on the state of affairs in a firm’s risk profile in a dynamic manner.

· Open and seamless co-existence: Platform should be open and extensible enough to connect and co-exist with other non-risk IT applications (HR, sales, security) using modular, flexible interfacing mechanisms.

“There is no denying that risk and compliance professionals are calling for a personalized, integrated risk ecosystem. Our research found that there remain many gaps in risk visibility as organizations rely on fragmented data, processes, and tools to inform risk decision making. Without effective risk management in place, it is challenging to effectively contrast risk with reward across divisions within a global organization,” said Gareth Evans, managing director, Enterprise Risk Management at Thomson Reuters. “The industry challenge and opportunity is to help ensure that risk and compliance professionals are better equipped with advanced technology to support an integrated solution designed to bring measurable increases in efficiency to risk management operations.”

“As regulatory scrutiny and cost pressures intensify, risk and compliance professionals will need to adapt quickly to advanced technology that could adversely impact their overall business models,” said Cubillas Ding, Research Director at Celent. “A next-generation risk infrastructure should therefore be modular and agile, where data and information are congruent across different risk activities with strong reporting capabilities.”

Data in the Thomson Reuters 2018 report on “Achieving Integrated GRC in an Interconnected Digital Age” is based on a survey whereby Celent undertook in-depth interviews with leading financial institutions globally to better understand the challenges facing risk and compliance executives, as well as the technology improvements that are needed to support an integrated GRC paradigm to overcome these issues. Most of the institutions surveyed were structurally significant financial institutions with assets of more than US $100 billion. The report was commissioned by Thomson Reuters; however, the analysis and conclusions are Celent’s alone, and Thomson Reuters had no editorial control over report contents.

Read and download the full “Achieving Integrated GRC in an Interconnected Digital Age” report here.