Exploration costs for major miners can exceed 50% of their expenditure on an annual basis. Think about that fact: The cost of identifying where the target commodity lies can exceed the actual cost of harvesting the commodity, on an annual basis. If you were a miner, imagine the incredible value of knowing where exactly where your target commodity was, without having to undertake a resource intensive exploration process.
When it comes to GRC in an organisation, the commodity is data. Like miners, many organisations are forced to engage in resource-intensive exploration processes because their data is scattered across the organisation, in multiple systems, with little understanding of what data exists let alone the capability to easily access it. Unlike mining where there is not currently a viable alternative to exploration, organisations can eliminate the need for “exploration” when it comes to GRC data.
What would an organisation have to do to achieve this value state? There are three simple principles that, if implemented, will deliver this outcome:
- One GRC tool, spanning the organisation, per GRC process (e.g., one non-compliance recording mechanism irrespective of the compliance framework and/or business owner/s).
- Meaningful multi-way linkages between all GRC tools, processes, and data (e.g., projects are linked to relevant corporate strategies, deliverables, KPIs, risks etc. with all relevant data linked and accessible via any of the relevant GRC elements).
- Single-source-of-truth for all GRC data combined with efficient reporting and data visualisation tools capable of providing all stakeholders with meaningful data and actionable insights as and when required.
Doing GRC better delivers value at all levels of an organisation and reduces the resourcing requirements. Instead of focussing on locating the value, the paradigm shifts to harvesting and leveraging the value. #Doing GRC Better
This article was written by Zane Edwards, Global Director of GRC at LighthouseGRC. Zane is a chartered accountant and has 20 years experience in Government and Private sector GRC management. Not only is he passionate about the digital transformation of governance, but he is also a skilled and influential communicator with extensive national and international experience in a variety of channels, including conferences, radio, television, and video.