Data in GRC projects Why Not?
Many GRC projects focus on the automation of manual data input tasks, rather than leveraging data thats already out there in systems inside or outside the firewall. It is interesting to see the big difference between whats technically possible, and whats being realized in actual projects.
Technology for GRC Data Integration
Now why is that? GRC data integration technology is not horribly expensive, and the benefits are quite clear. Still, implementations are (too) scarce. I believe there are two key reasons: implementation and organizational challenges.
- The first reason, technology, is probably heard most often. Implementations are considered to be hard, long and expensive. The base technology might be affordable, but implementations take forever and require expensive data engineers. Data engineers dont understand the business requirements, which leads to mistakes, faulty projects and projects overdue. This can all be solved by decent old-fashioned project management and to apply best practices. The scope of the projects should not be too large. The projects have to yield results in weeks or months, rather than years. This reason, not to implement data into GRC projects, can be overcome.
- The second reason, organizational challenges, is harder to overcome. Different departments in GRC have not necessarily aligned their risk languages and their GRC methodologies. However, the use of GRC data does not require the integration of GRC within departments. Data from operational systems inside and outside the firewall can perfectly be integrated into a single risk, compliance or audit program. The challenge is that this requires mature processes, understanding the value of data, and the willingness to automate. Touching a well-established compliance process is a challenge, and many have adapted the If it aint broke, dont fix it mentality.
Interested to learn more about how you can leverage the current data that already exists? Watch our latest webinar about Data Feed Management with independent analyst Forrester.