Man and women looking at computer screen

New Ways of Thinking about GRC Strategy, Part 3

December 14, 2021

By Erin O'Hern, VP of Strategic Initiatives

The disciplines of governance, risk and compliance (GRC) have evolved exponentially since the COVID-19 crisis. Like nearly every other function of an organization, GRC had to adapt to quite a few unprecedented challenges.

A few definite bright spots were left in the wake of the pandemic. Among them, better use of technology and a stronger appreciation for time with colleagues. Continuing our series on new ways to think about GRC strategy, we look at how these two positive outcomes have revamped the way GRC pros work.

Tech Moves GRC out of ‘Messenger’ Role

Even before the chaos of the pandemic, regulated organizations often struggled to address the full list of exam findings in time for the examiner’s next visit. There were many reasons for this, not the least of which was oversight. When the list of findings is long, so too is the list of people responsible for correcting them. Chasing down 10-15 different individuals for status updates can be a nightmarish task for GRC pros, especially those already under water from their day-to-day responsibilities.

The acceleration of digital tools in GRC has helped tremendously in this regard. Compliance management software, like ViClarity GRC, keeps all status updates in one cohesive screen. No more running down department heads for one-off reports that require additional follow-up down the road.

Even better than a centralized hub, many of these tools come loaded with automation features that send reminders to designated individuals. This alleviates the need for GRC to act as the messenger everyone wants to… well, you know.

Even if the organization is not successful at checking every box on the list of findings, examiners can see a good faith effort and progress simply by reviewing reports generated by the software.

Quieting the Hems and Haws of Tenured Volunteers

Arguably more than ever before, professionals have a deep gratitude for time with colleagues. The disruption of remote work and the pressure of reimagined services took a toll that made many of us appreciate the camaraderie that comes from working as a team.

Board members experienced much of the same interruption in their volunteer experiences as staff did in their working ones. Now that many organizations are bringing their boards back together in-person, there’s an intensified desire for stronger collaboration and more meaningful conversation. Think of your own board. Would members rather spend time reviewing minutes from the last meeting or having an enriching discussion about the future of the organization?

Here again, technology is turning ideals into reality. Board management software automates distribution of board pack-style materials in advance of meetings. Volunteers with access to this kind of system check off housekeeping tasks before they even enter the board room or log on to the virtual session.

As a bonus, tracking features within board management software show administrative staff and leadership which volunteers have reviewed the documents. This is helpful for a couple of reasons. First, it lets executives understand which of their board members are engaged to the level they require. Second, it provides proof of an engaged board to examiners, who are increasingly interested in evaluating board involvement.

 Board volunteers often get a bad rap for not loving the experience of learning new technology. However, when board members can correlate new software with more time for collaborative strategizing, the standard hems and haws tend to quiet.

Machine and Human Collaborate for Better Complaints Management

While we’re on the subject of hems and haws, let’s wrap up our blog series with some thoughts on complaint management. This is another area of GRC that’s been significantly reprioritized over the past two years. Examiners are hot on the trails of organizations without defined complaints management processes in place.

In terms of how organizations are thinking differently about complaints, we’re seeing two distinct areas of focus: tracking and resolution. Each of these areas benefits from both the integration of technology and dialogue with colleagues.

Technology assists by enabling easy categorization of inbound complaints, as well as centralizing access to all complaints received. Some of the more sophisticated tools also search for and identify patterns within the content so strategists can more easily spot areas that need addressing. That’s where the human element becomes important; people can make sure resolution activities are prioritized appropriately Keeping an historical record of that investigation and the eventual resolution is where technology again becomes a strong ally to the GRC pros behind the software.

Investing time and energy in GRC best practices is about so much more than achieving operational refinement and efficiency. Operating at the highest levels elevates the strategic power of GRC in the minds of executives, boards and other influential personas with the organization.

While GRC pros can’t integrate new tools and procedures all at once, there are small tweaks they can roll out individually over time. Hopefully some of the ideas in this series got you excited about making tiny changes for big impact within your own organization.

In case you missed our first articles in the series, “New Ways of Thinking about GRC Strategy,” read them here:

Part 1

Part 2

Services performed by ViClarity are compliance and not legal in nature, and do not form an attorney-client relationship or any of the protections attendant to the attorney-client relationship.

Back

Recent/Related Articles

Why the Great Resignation Spells Trouble for Governance, Risk and Compliance

December 20, 2021

Check out Darron Dunn’s recent article with CUInsight and read how the Great Resignation spells trouble for governance, risk and compliance.

5 Tricks for Managing Compliance across State Lines

October 29, 2021

In an ever-changing regulatory landscape, it’s becoming increasingly difficult for organizations to stay up to date on regulatory compliance requirements. In response to increasing demands from regulators, governance, risk and compliance (GRC) teams are devoting exponentially more resources to monitoring business actions for compliance. This is especially true for GRC leaders who manage compliance across multiple US states.