Business is complex. Gone are the years of simplicity in business operations. Exponential growth and change in risk, regulations, globalization, distributed operations, processes, competitive velocity, business relationships, disruptive technology, technology, and business data encumbers organizations of all sizes. Keeping complexity and change in sync is a significant challenge for boards and executives, as well as governance, risk-management, and compliance professionals (GRC) throughout the business.
GRC cannot be managed in isolated silos that lead to the inevitability of failure. This is what I call ‘anarchy’ architecture where decentralized, disconnected, and distributed GRC processes catch the organization off guard to risk and exposure. Complexity of business and intricacy and interconnectedness of GRC requires that we have an integrated approach to business systems, data, and GRC processes. However, the opposite is also a challenge: ‘monarchy’ GRC architecture. In this approach the organization takes a one-size-fits-all approach to GRC and tries to implement GRC processes through a single GRC platform all are required to use. This forces the organization to adapt and manage GRC to the lowest common denominator.
