Regardless of the current economic climate, saving money in a responsible way is a good thing. But these days many companies are looking to E-GRC and document management software to improve efficiency and lower costs.

In this guest article, Steve Schlarman of Archer Technologies asserts that you can reduce costs without compromising your governance, risk and compliance (GRC) structure. Let's have a look.

The Three Amigos: Cost, Efficiency, Flexibility

Cost Management, Efficiency and Flexibility have always been prevalent themes in business. In the risk and compliance management space, these three trends have come to the forefront: reduce costs, improve operational efficiency and utilize flexible frameworks as the basis for building sound programs.

Many companies have turned to a risk and compliance management strategy and supporting infrastructure that can grow with their organization as their needs change. Using this platform approach to GRC not only increases efficiency and drives down cost, but also ensures that the demands of the risk and regulatory landscape are met today and tomorrow.

Increasing demands and the pressure to be compliant with so many regulations can make preparing for audits a full-time job. The majority of time and resources can be dedicated to the preparation for audits and reporting drawing focus away from the risks and remediation needs.

GRC strategies look to streamline these efforts and manage risks more efficiently. As Mike Rasmussen, President of Corporate Integrity states, “Organizations today need to invest in processes and technology that enable sustainability, consistency, efficiency and accountability.”

Don’t Get Scissor Happy

While we are all trying to cut costs, it is important to understand the factors and end results associated with reducing risk management programs when deciding where and how much to cut. All too often compliance is overlooked as a key piece of the risk landscape when it is critical for the success of a GRC program.

A GRC platform that brings compliance and risk management together can not only bring efficiencies to your organization but also, can be leveraged to understand the impact of cutting costs. When looking at areas to cut, it is necessary to understand the future impact from a risk and compliance perspective. Reducing investments in the GRC areas may have short term gains with serious long term impacts. Better business decisions can be made when risks are put into perspective and the quality of risk data is improved. These types of decisions must be weighed carefully.

[Editor's Note: See our related articles: 7 Success Factors for Effective GRC.]

It's a Balancing Act

Finding the right balance of controls stems from a well-run risk management process. Before deferring investment in new technologies and reducing staff, the risks associated with these reductions have to be understood. Designing controls around these risks can ensure that reductions aren’t met with increased risk in business-critical functions.

Companies should be careful not to continue with manual, siloed risk programs as they may get the job done, but at an even greater cost. Companies that have switched to an automated GRC approach have found analysis that previously required months of research can be done in minutes - and with much greater detail. Automated GRC technology can streamline policy management, while taking into account compliance controls.

Getting the Bang for Your GRC Buck

There are three main categories of GRC initiatives to consider:

  1. GRC Research and Development is based on understanding regulations, risk management approaches and control frameworks and mapping the relevant business requirements to the company’s operations.
  2. Governance and Policy Management is focused on properly communicating and enforcing governance and risk management policies and controls across the enterprise.
  3. E-GRC Management and Reporting measures the overall corporate environment against established controls emphasizing reporting and analyzing trends, as well as remediating risks and incidents with mapping back to root causes.

Don’t just cut investments in GRC technology without looking at the bigger picture and preparing for the inevitable question about what bang you are getting for your buck. By identifying cost savings and improved operational efficiency, you can justify the cost of GRC technology and demonstrate rapid ROI. Even modest GRC programs can be very expensive when they are based on manual processes and niche technology solutions.

You will dramatically increase your ROI by taking a holistic approach to GRC and tying all of your GRC initiatives and resulting intelligence into one, comprehensive platform.

[See the article Records Management in a Web 2.0 World for a discussion about how records managers need to provide leadership around emerging Web 2.0 technologies.]

What Does it All Mean?

Thinking strategically and establishing a scalable framework to meet future requirements is a lot more beneficial than one-off, “quick fix” remediation plans. E-GRC technology can replace disparate, inefficient, manual tools and processes. If GRC technology keeps business users in mind, workflow, real-time reporting and enterprise integration will save time and cut costs. Organizations can be run lean, but still be effective, with E-GRC technology and automation.

Managing a lean organization is easier when an enterprise-wide, technology-supported program is enabled. To leverage knowledge throughout your enterprise, controls must be managed and collaboration increased. Automation is a key factor in managing and communicating policy adherence. So when you can’t decide what to cut, what to keep and where to invest, think about both the risks and the rewards.