On June 21, audit, risk and compliance professionals gathered at Fullerton Hotel in Singapore for a one-day event to share their in-depth experience, expertise, challenges faced, and vision for the GRC landscape.
Industry leaders, including Michael Rassmussen of GRC 20/20 Research, Marie van der Burgt of Macquarie and Yasumi Taniguchi of Protiviti Japan, joined thought leaders from ACL to discuss topics surrounding how GRC fits into the evolving business landscape. Also discussed was how data is at the heart of risk, and how effective and agile GRC management programs can be created.
Empowered with a greater understanding of how to make their departments better able to mitigate risk, attendees left the conference with many ideas to implement back at the office. To summarize, here are five key highlights from GRC LeaderCon Singapore:
1) The chaos of interconnectedness poses challenges for today’s GRC professionals.
With the proliferation of the internet—and more devices and people connected to the web—risk has also increased. Some trends that have given rise to increased risk include fast-evolving regulatory changes, constant technological developments, growing numbers of third-party relationships, and the complexity of cybersecurity threats in today’s sophisticated landscape.
2) Like a piece of music is to its points of harmony and tension, unified GRC is to common processes and different responsibilities.
To perform governance, risk management, and compliance (GRC) activities, departments cannot function in independent silos, even though they may specialize in different areas of risk. The IT department’s focus may be on cybersecurity, while the finance department manages finance risk. However, the hazard is that this leads to the creation of separate ecosystems, with each department having its own risk culture and practices, or worse, the duplication of risk mitigation efforts. This is why all departments must collaborate with a unified vision of GRC management.
3) Data analytics is not just about hard skills, but also soft skills.
The soft skills and critical thinking abilities of employees can never truly be replaced by automation. Data analytics, by itself, will not make GRC processes more holistic. The gut feel, professionalism and analytical abilities of GRC experts is what spots how anomalies and potential areas of risk tell a story. This is why the management of organizations must harness these soft skills among GRC teams and invest in their training.
4) Investing in the audit planning phase will go a long way.
Spending some extra time and investing money in the audit planning phase can make fieldwork and results more impactful. Investing in new technologies, for instance, is just one of the many best practices organizations can adopt when it comes to improving audit planning.
5) A challenge for management is determining how much uncertainty and risk a company is ready and able to accept.
There is a fine distinction between taking the plunge and drawing a line as to how much risk a company can shoulder. Management should work with their teams to define a blueprint that’s both extensible and scalable to meet the changing needs of their industry. Management must find a way to work with the entire GRC organization to determine how much risk is too much
Published with permission from ACL Services