
In this week's blog post, we're sharing insights from our latest interview with Scott Bridgen, the global lead of GRC and Integrated Risk at OneTrust, which is the #1 fastest-growing company on Inc. 500 and the category-defining enterprise platform to operationalize trust. More than 10,000 customers, including half of the Fortune 500, use OneTrust to make trust a competitive differentiator, implementing central agile workflows across privacy, security, data governance, GRC, third-party risk, ethics and compliance, and ESG programs. Their ground-up, or bottom-up, approach, starting at a really granular asset and data level, which privacy obviously focused on, gave them a unique perspective, hence their growth acceleration and continued trajectory. Our topic for today is GRC and Enterprise Risk and the concepts around it.

Driving Organic Growth in GRC

For any of our readers who are considering starting or scaling a business in GRC or privacy, we also wanted to share some methods for starting and scaling a company that can drive growth effectively. The first and most important thing to ensure growth in any field or company is the vision of the founders and the CEO, and how well they can convey it to the whole team. In OneTrust's successful case, for example, they created something that allows privacy and GRC matters to be managed and maintained easily, as at the time things, especially on the technological side, were not as developed for the traditional understanding of GRC. From there on, this vision spread into other related fields such as security, ethics and compliance, ESG business risks, and traditional enterprise operational and audit compliance. Using such a bottom-up approach, starting at a really granular asset and data level, can give companies a unique perspective, allowing growth acceleration and continued trajectory.

According to Scott, the biggest driver of growth in these fields is also trust. With all the recent developments such as the pandemic, as well as the social, economic, political and environmental threats, the world has accelerated into a higher level of mistrust. Additionally, it's very difficult to find impartial information on the modern internet and in public media. From this perspective, companies need to put in their best efforts to be trusted. If you don't have a good privacy, vendor or enterprise risk program, looking at those systemic risks and what they can cause the company could become difficult to manage.

Adding actual value is another important factor driving organic growth. Whether it is acquisitions, collaborations or customer relations, you need to have strategic relationships. This means understanding the problems of the other party and providing them with relevant solutions that can add significant value. Additionally, you can take a very tactical approach and focus on your strategic positioning companies. 

Current Status of GRC and ERM

The market is shifting in a way that is changing the traditional understanding of how things work. Customers want a little bit more than just customisable forms or workflows, and they require something more out of the box, in the form of convenience as well. For example, whether you are a small or a large consultancy, you need not only to build programs that are best suited to the client, but also to bring them solutions that are already configured.

Additionally, it is critical to understand the different approaches to risk management. The trend toward a compliance-based approach in general, or even the long-lasting debate between quantitative and qualitative risk management, makes it rather difficult to accommodate each type of situation or client. Considering the traditional approach of many risk management professionals, it is also becoming increasingly difficult to encourage a lot of professionals to stay up to date by starting to innovate and implement the latest available tools and resources. In reality, this means you need to give flexibility, and meet and match the customer's maturity, what they want and where they are likely to want to be.


Challenges and Misconceptions Around GRC

There are a few recent challenges companies need to proactively address in their compliance and risk management. One of the biggest challenges is readiness and cross functional collaboration. When it comes to utilizing technology to support companies in risk, making the move to grow instead of relying solely on technology, especially on topics such as taxonomies scoring, methodology approach, workflow ownership, trusting, and uninteresting betas will continue to be a big challenge that companies might face.

When it comes to misconceptions, there are a few as well, one of them being that enterprise risk belongs as a function of audit. In recent developments, we are beginning to see a significant shift of enterprise risk towards not being a function of audit. As we are seeing ERM managers trying to become the first-line communicator in the form of a diplomat or a translator, this could be a factor in such change. Accordingly, enterprise risk being a function outside of audit means that someone can spend that time linking it to long- and short-term objectives and metrics. Although all of these different concepts have been around for quite a while, companies have just started finding value in them. This allows companies to also properly focus on an objective-centric risk, make more profits, deliver more widgets, get more

Takeaway Points

The biggest takeaway point Scott shares with us is "thinking big and starting small". Amongst many topics, this mentality of course applies to GRC as well. From a consultant's or a solution provider's standpoint, this comes in many forms, such as clients having too high expectations of what the cross-functional tool can achieve without providing valuable data. In most cases, as great as it is to have great aspirations, the company needs to start with a baseline. Start at an asset level, know your data and know where everything is, because everything fundamentally in this day and age is powered by it or owned by the digital world. This allows the risk team working in the company to have a good understanding of the actual status of the business operations as well. We predict that starting from an extensive but base level will also help businesses adapt better to future technological advances or newer tools, such as AI, rather than having an all-set package without properly sorting out the basics.

Organizations should also be taking proper advantage of all the data that lives outside of what they are currently aware of, and use GRC tools actively for interpreting it and providing value via indicators in this indicator-driven world. They should also be looking to incorporate some level of standardization, even at just some basic levels and in basic aspects. At the end of the day, although the terminology and the regulatory or compliance aspects might differ between industries, the core concept of risk never changes and will be ever present in any industry.

 

Closing Words

For now, this sums up the key points of our interview. As the Global Risk Community team, we once again thank Scott Bridgen for his insight on GRC and ERM. More information about this topic is available in our original interview, which is accessible here.

#risk #erm #grc #growth #management #business


Ece Karel - Community Manager - Global Risk Community
