This is a topic that comes up often in our discussions with prospects and customers. Today, many companies approach GRC from a business unit perspective, not from a holistic organizational perspective. The end result is redundant and disparate processes, resources and tools littered throughout the organization. This disjointed approach naturally results in wasted time and dollars as each department struggles with the same problems in different ways.
HR may have one system for managing their policies and procedures, the workflows around them, and the evidence of compliance, while IT uses a completely different system for managing their IT policies and procedures, workflows and evidence collection. Multiply this across an organization (HR, IT, HSSE, Legal, Finance, etc.) and it is little wonder that many companies find the cost of compliance to be so high.
How can an organization reduce these costs? Implement a regulation- and standard-driven, top-down, industry or vertically integrated GRC solution within the organization. This will reduce costs in three distinct ways:
1) Reduced resource costs. Moving to a unified approach, fewer people can accomplish the same or better results with greater efficiency.
2) Reduced licensing costs. The combined licensing costs of multiple point solutions within an organization almost always outweigh the licensing costs of a single enterprise solution across the organization.
3) Reduced risk and reduced costs of non-compliance. Leveraging the same solution across all business units allows for a greater degree of unified risk management. Unified risk management through cutting-edge regulatory compliance software allows for a greater degree of prioritization and mitigation across the entire enterprise, essentially allowing for a laser-like focus on those risks that have the potential for the greatest impact upon the organization, be they financial, environmental, legal or reputational.