About BWise


Data in GRC projects – Why Not?

June 30, 2016 by
Filed under: General, Governance, Risk and Compliance

Many GRC projects focus on the automation of manual data input tasks, rather than leveraging data that’s already out there in systems inside or outside the firewall. It is interesting to see the big difference between what’s technically possible, and what’s being realized in actual projects.

Technology for GRC Data Integration

Now why is that? GRC data integration technology is not horribly expensive, and the benefits are quite clear. Still, implementations are (too) scarce. I believe there are two key reasons: implementation and organizational challenges. 

  • The first reason, technology, is probably heard most often. Implementations are considered to be hard, long and expensive. The base technology might be affordable, but implementations take forever and require expensive data engineers. Data engineers don’t understand the business requirements, which leads to mistakes, faulty projects and projects overdue. This can all be solved by decent old-fashioned project management and to apply best practices. The scope of the projects should not be too large. The projects have to yield results in weeks or months, rather than years. This reason, not to implement data into GRC projects, can be overcome.
  • The second reason, organizational challenges, is harder to overcome. Different departments in GRC have not necessarily aligned their risk languages and their GRC methodologies. However, the use of GRC data does not require the integration of GRC within departments. Data from operational systems inside and outside the firewall can perfectly be integrated into a single risk, compliance or audit program. The challenge is that this requires mature processes, understanding the value of data, and the willingness to automate. Touching a well-established compliance process is a challenge, and many have adapted the “If it ain’t broke, don’t fix it” mentality.
The truth is, current risk, compliance and audit processes are broken when they don’t leverage data. When data is leveraged effectively, cost, financial crime and risk can go down, while quality improves. If only people use the data that already exists.

Interested to learn more about how you can leverage the current data that already exists? Watch our latest webinar about Data Feed Management with independent analyst Forrester.

Tags: GRC

More Information

Nasdaq Offices

What is GRC?

Read the definition of Governance, Risk and Compliance

Gartner ORM report

Nasdaq's BWise has been positioned as a Leader in Gartner's Magic Quadrant for Operational Risk Management Report, 2016. 

Forrester report

Forrester positioned Nasdaq BWise as a Leader in New Report, The Forrester Wave™: Governance, Risk, And Compliance Platforms, Q1 2016.

Why BWise

Download the brochure: Three Key Reasons why Hundreds of Customers Rely on Nasdaq BWise.

Scroll up