In June, RSA Archer celebrated its 10th annual Summit, bringing together GRC professionals from around the world. The cooperative spirit, collaboration and knowledge sharing of this event are truly wonderful things about the RSA Archer community. The fact that so many GRC practitioners come together to share ideas, explore new approaches and learn from each other is the reason RSA Archer has the most influential and celebrated GRC community. As part of the event, we held an Executive Forum bringing together leaders from multiple companies and industries to discuss top-of-mind issues, strategies and challenges. Last year, we issued a report on the key findings from the forum, and I am pleased to announce the release of this year’s report.
The findings in the report speak volumes on the challenges facing companies today. Last year’s report had a clear emphasis on overall risk management and building the business cases for investment in improving GRC processes. This year’s forum tightened the focus on a major risk affecting all organizations – the change in the regulatory environment. Regulatory change is a significant discussion in many organizations and a fundamental piece of a GRC strategy. Companies are finding that regulatory-related processes require new strategies that evolve towards more fluid and dynamic approaches.
One interesting takeaway is the theme around ‘decentralization of GRC’. While we continually speak of the value GRC can bring an organization by breaking down silos, this does not imply that the silos must be brought together into some uber-GRC function. Risk and Compliance is a complex challenge, and engaging individual business units – especially for companies that are diverse geographically or by business – is a critical point. As several participants noted, the rate of change of regulatory pressures affecting local business operations requires some decentralization of roles and responsibilities, but with the important connection to a broad, enterprise strategy.
Another key finding related GRC to performance measurement and making the value of GRC processes tangible and demonstrable. The “So What” factor outlined in the report is of particular interest for those companies that are getting a lukewarm reception from the business when risk and compliance processes need to be adjusted. Connecting GRC with improved performance is a common thread. In fact, we used “Business Optimization” as the end output of the GRC program in our own RSA Archer GRC Reference Architecture that was produced in collaboration with our Customer Advisory Council. The Executive Forum Key Findings report further highlights the importance of the end goals of any company’s GRC strategy.
Thanks must go out to the many RSA Archer customers that participated in this year’s forum. The leadership and vision articulated by the participants during this year’s discussion are invaluable in capturing this relevant and compelling snapshot of the GRC world.