Data in GRC Projects, Why Not?

Many GRC projects focus on the automation of manual data input tasks, rather than leveraging data that’s already out there in systems inside or outside the firewall. It is interesting to see the big difference between what’s technically possible, and what’s being realized in actual projects.

Technology for GRC Data Integration

Now why is that? GRC data integration technology is not horribly expensive, and the benefits are quite clear. Still, implementations are (too) scarce. I believe there are two key reasons: implementation and organizational challenges.

• The first reason, technology, is probably heard most often. Implementations are considered to be hard, long and expensive. The base technology might be affordable, but implementations take forever and require expensive data engineers. Data engineers don’t understand the business requirements, which leads to mistakes, faulty projects and projects overdue. This can all be solved by decent old-fashioned project management and to apply best practices. The scope of the projects should not be too large. The projects have to yield results in weeks or months, rather than years. This reason, not to implement data into GRC projects, can be overcome.
• The second reason, organizational challenges, is harder to overcome. Different departments in GRC have not necessarily aligned their risk languages and their GRC methodologies. However, the use of GRC data does not require the integration of GRC within departments. Data from operational systems inside and outside the firewall can perfectly be integrated into a single risk, compliance or audit program. The challenge is that this requires mature processes, understanding the value of data, and the willingness to automate. Touching a well-established compliance process is a challenge, and many have adapted the “If it ain’t broke, don’t fix it” mentality.

The truth is, current risk, compliance and audit processes are broken when they don’t leverage data. When data is leveraged effectively, cost, financial crime and risk can go down, while quality improves. If only people use the data that already exists.

Interested to learn more about how you can leverage the current data that already exists?

Watch our latest webinar about Data Feed Management with independent analyst Forrester. Watch webinar now >

---

Luc Brandts, Chief Strategy Officer at Nasdaq BWise. Luc is responsible for the definition and communication of strategy at Nasdaq BWise while continuously looking for innovative ways to grow the business. As the co-founder of BWise in 1994, he has held multiple roles, mostly serving as the company’s Chief Technology Officer. In his previous career as a business consultant, he managed projects in information technology, systems implementation, change management and business process optimization. His experience extends to industries such as financial services, government, manufacturing, healthcare and telecommunications. Luc graduated from Eindhoven University with a degree in Mechanical Engineering focused on systems design and optimization. He later obtained his Ph.D. and his doctoral thesis was on Methodical Design of Industrial Systems as an assistant professor at the Eindhoven University of Technology; after which he co-founded BWise.

The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.