Industry executives and experts share their predictions for 2021. Read them in this 13th annual VMblog.com series exclusive.
What to Expect in Governance, Risk, and Compliance
By Jon Siegler,
CPO, LogicGate
In 2020, digital transformation was a top priority for IT departments.
A Gartner survey of board directors found nearly 70% of board members were accelerating
digital business initiatives as a result of COVID-19. With the increased focus on digital
transformation came more risk for IT departments and risk management
professionals to be aware of. Not only did 2020 reprioritize digital transformation
efforts, but it also put the spotlight on governance, risk, and compliance (GRC) in a way we had never seen. With GRC at
the forefront of many business leaders' minds, it's important to look ahead and
prepare as best we can. Here are four predictions I have for what will happen
this year in the GRC space.
1. Ecosystems and communities for GRC are on the rise
Ecosystems that provide risk, compliance, and cybersecurity practitioners
with best practices, expert advice, and crowdsourcing of ideas will continue to
gain traction. As regulations and compliance frameworks rapidly change, looking
to others with a proven methodology can prove helpful. Additionally, the
footprint of technologies that make up the connected ecosystem of risk
continues to expand. Having easy ways to connect your GRC platform into this
data allows for more automation and better informed decisions.
2. Risk as a strategic advantage
Risk has historically been viewed as a negative, or simply as a check-the-box
exercise, for organizations. However, as technology advances ways to measure
risk more accurately, risk is becoming a key component of informed decision
making. This is bolstered by the demand from executives and their boards for
better insights into the aggregate risk of business units and strategic
projects. Arming employees with risk data allows them to make better decisions
and fosters a culture of innovation.
3. Risk quantification methods expand outside of cybersecurity
Gone are the days of overly simplistic qualitative "red, yellow, green"
risk assessments. New approaches to quantifying risk in terms of dollars will
continue to broaden in their application. This approach allows for easier
prioritization and comparison of risk across a business. Quantification
methodologies such as FAIR (Factor Analysis of Information Risk), which got its
start in the cybersecurity world, will gain traction in broader risk management
activities such as enterprise risk management.
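The following Python script is an added illustration of the dollar-based quantification described above; it is example code written for this page, not LogicGate's product or the FAIR standard's own tooling. It applies the FAIR decomposition (threat event frequency times vulnerability gives loss event frequency; loss event frequency times loss magnitude gives annualized loss) to two constructed risks, estimates each factor as a calibrated (minimum, most likely, maximum) range sampled from a triangular distribution (a simplification of the PERT/beta distributions commercial FAIR tools use), and contrasts the result with the likelihood bucket a "red, yellow, green" register would assign. The two risks, their ranges, and the traffic-light thresholds are assumptions made for the example.

```python
"""FAIR-style Monte Carlo quantification of two risks in dollars.

Example code added for this page (not LogicGate's or the FAIR standard's own
tooling). FAIR decomposes annualized loss as
    Loss Event Frequency (LEF) = Threat Event Frequency (TEF) x Vulnerability (V)
    Annualized Loss            = LEF x Loss Magnitude (LM)
Each factor is a calibrated (min, most likely, max) estimate. Here each is
sampled from a triangular distribution, a simplification of the PERT/beta
distributions commercial FAIR tools use. The two risks below are constructed
for illustration.
"""
import random
import statistics
from dataclasses import dataclass


@dataclass(frozen=True)
class Range:
    """Calibrated estimate: minimum, most likely, maximum."""
    low: float
    mode: float
    high: float

    def sample(self, rng: random.Random) -> float:
        return rng.triangular(self.low, self.high, self.mode)

    def mean(self) -> float:
        """Closed-form mean of a triangular distribution."""
        return (self.low + self.mode + self.high) / 3.0


@dataclass(frozen=True)
class Risk:
    name: str
    tef: Range   # threat events per year
    vuln: Range  # probability a threat event becomes a loss event, 0..1
    lm: Range    # dollars lost per loss event (primary + secondary)

    def analytic_ale(self) -> float:
        """Expected annual loss; the three factors are assumed independent."""
        return self.tef.mean() * self.vuln.mean() * self.lm.mean()

    def simulate(self, years: int = 20_000, seed: int = 42) -> list[float]:
        """One annual loss figure per simulated year (expected-loss form:
        LEF is used as a rate rather than drawing an integer event count)."""
        rng = random.Random(seed)
        return [
            self.tef.sample(rng) * self.vuln.sample(rng) * self.lm.sample(rng)
            for _ in range(years)
        ]


def summarize(losses: list[float]) -> dict[str, float]:
    """Mean plus loss-exceedance points (p50, p90, worst case) a board can act on."""
    s = sorted(losses)

    def pct(p: float) -> float:
        return s[min(len(s) - 1, int(p * len(s)))]

    return {"mean": statistics.fmean(s), "p50": pct(0.5), "p90": pct(0.9), "max": s[-1]}


def traffic_light(risk: Risk) -> str:
    """Likelihood bucket a qualitative register would assign from the most-likely
    threat event frequency alone (illustrative thresholds, an assumption here)."""
    if risk.tef.mode < 1:
        return "green (low likelihood)"
    if risk.tef.mode < 10:
        return "yellow (medium likelihood)"
    return "red (high likelihood)"


def rank_by_ale(risks: list[Risk], years: int = 20_000, seed: int = 42) -> list[tuple[str, float]]:
    """Risks ordered by simulated mean annual loss, highest first."""
    scored = [(r.name, summarize(r.simulate(years, seed))["mean"]) for r in risks]
    return sorted(scored, key=lambda t: t[1], reverse=True)


# Constructed inputs: a frequent, cheap incident versus a rare, expensive one.
RISK_A = Risk("Risk A: phishing-driven account takeover",
              tef=Range(2, 6, 12), vuln=Range(0.1, 0.3, 0.6),
              lm=Range(50_000, 200_000, 1_000_000))
RISK_B = Risk("Risk B: ransomware on the ERP cluster",
              tef=Range(0.1, 0.5, 1.0), vuln=Range(0.5, 0.8, 0.95),
              lm=Range(1_000_000, 5_000_000, 20_000_000))

if __name__ == "__main__":
    for r in (RISK_A, RISK_B):
        st = summarize(r.simulate())
        print(f"{r.name}: {traffic_light(r)}; analytic ALE ${r.analytic_ale():,.0f}; "
              f"simulated mean ${st['mean']:,.0f}, p90 ${st['p90']:,.0f}")
    print("Priority by dollars:", [n for n, _ in rank_by_ale([RISK_A, RISK_B])])
```

Run as-is, the script shows the point the section makes: Risk B lands in the "green" likelihood bucket because it happens less than once a year, yet its expected annual loss is several times Risk A's, so a dollar-denominated view reverses the priority a colour-coded register would suggest. The p90 figure is the loss-exceedance number to put in front of the board; the analytic mean is a quick sanity check that the simulation is wired correctly.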
4. Automated control testing improves audit efficiency
Robotic process automation (RPA) has already proved effective for GRC, but I
expect new use cases for AI to emerge, specifically AI for automated control
testing. Companies are regularly audited to show proof of compliance with
certifications such as SOC 2 or HIPAA. This process has historically been
extremely tedious, requiring a highly coordinated effort from many people. By
leveraging AI to automate evidence collection, organizations will be better
able to keep up with recurring recertification audits.
GRC is no longer just a way to protect business assets, it's a business
driver. 2020 reminded us of how quickly things can change. IT professionals
need to be ready to help their companies pivot quickly in a safe and compliant
manner. The only guarantee for 2021 is that more change will come. Investing in
GRC now as a strategic advantage will ensure organizations are prepared for what
this year will bring.
About the Author
Jon Siegler
is the Co-Founder and Chief Product Officer at LogicGate. He has over a decade of experience in designing
customer-centric enterprise risk and compliance systems, delivering value for
organizations by reducing their risk, improving efficiency, and automating
processes. Jon is driven by a passion to connect deeply with our customers'
problems in order to build an amazing product that makes the challenges of risk
and compliance easier.