Governance, Risk And Compliance: The Importance Of Process

It has been estimated that businesses across Europe face an extraordinary 85 changes in sector-specific or generic legislation each day which impact directly on business processes. In the face of this external onslaught, it is no surprise that businesses are devoting more time than ever to ensuring compliance and understanding the impact regulatory change has on their day-to-day operations.

In many cases, such regulation is doing no more than formalising what should already be recognised as industry best practice. Yet the adoption of an effective governance, risk and compliance (GRC) strategy which effectively addresses all these issues will complex and time-consuming for many businesses.

The key to success is to adopt a process-driven approach, one which seamlessly integrates change within the organisation’s’ broader operational strategy and is fully supported by real-time reporting and audit trail.


A GRC framework enables the business to meet a range of external and internal pressures. The most common reason for its adoption is currently that of compliance management, as the organisation looks to ensure its processes are operating within the boundaries of local legislation, regulation and internal business policies.

Risk management is another driver for change, as a common GRC platform allows the business to define the right controls to mitigate the risk of failing to achieve company objectives and to install effective measures designed to reduce the consequences should they occur.

In the area of policy management, a GRC solution will support more effective corporate governance, by understanding the full life-cycle of all policies, from creation and release to an assessment of ongoing effectiveness.

Finally, audit management should enable the business to improve consistency and reduce staffing costs, by assessing quality and performance of all audit-related tasks, as well as providing a real-time overview of the company’s risk and control landscape.


The organisation will benefit from a process-led approach in a number of ways. First, by directly linking risk and controls with business processes and keeping them closely aligned to corporate objectives and policies, the business can be confident that it is fully compliant with its regulatory obligations.

By reducing conflict between the IT control departments and the broader business, the business becomes more agile, enhancing both operational effectiveness and customer responsiveness. A single unified repository across all risk and compliance areas removes wasteful duplication and guarantees consistency of data and reporting. And, by re-using business processes, compliance demands and reports via a centralised platform allows the business to adapt rapidly to new regulations, with minimum disruption to the business.

A process-driven approach to GRC will allow the business to benefit from greater transparency, consistency and efficiency. As a result, compliance management is transformed from a purely reactive activity forced upon the business to a proactive strategic management tool.

This not just fine theory. A European insurance company, which recently implemented a new internal control system based on an integrated GRC platform, is making estimated annual savings of €2.5 million and an ROI of over 150%, as it automates previously manual processes and alerts in ensuring full regulatory compliance.

SHARETweet about this on TwitterShare on LinkedInShare on FacebookShare on Google+Pin on PinterestDigg thisShare on RedditShare on TumblrShare on StumbleUponEmail this to someone

Mark Rhoden has over 25-years’ experience working with leading organisations to integrate their core information systems and to improve business processes. Having started his career with International Computers as an ‘open systems consultant’, largely focusing on major Public Sector clients, he has managed software businesses in Iberia, Eastern Europe, the Middle East, South Africa and the Benelux. Over the past 12-years with Software AG, Mark has worked on large and complex “Business Process Excellence” projects across all industry sectors and is now responsible for a team of BPE experts supporting Software AG’s business and customers across EMEA.