GRC Tuesdays: Next-Generation Automated GRC and Security Across Business Processes
Some say that next-generation Governance, Risk, and Compliance – or GRC – tools will be available very soon. That’s only partially true. Some of it is already available today. No need to wait!
As I am sure you will agree, Governance, Risk, and Compliance makes the organization stronger by driving down risk and compliance costs, minimizing incidents and loss events, and providing visibility to see not only today’s threats but beyond the horizon to tomorrow’s as well.
That’s good, and commendable, of course, but the question then becomes: how do we make this process “intelligent” and work for the organization rather than the other way around?
In this short blog, I’d like to take a few examples of what customers across the globe have already achieved:
Providing secure access by uncovering potential access risks – including segregation of duties – in core business applications regardless of where they sit: On Premise, in the Cloud, or, of course, both for hybrid landscapes;
Leveraging fine-grain dynamic authorization methods to protect and mask sensitive data based on a user’s attributes, or log access to this sensitive information – via a “reveal on demand” approach where access reasons are documented so as to be retraced in the future if necessary for investigation purposes;
Using machine learning capabilities to detect internal and external threats against a business landscape and protect the company’s intellectual property and its key assets;
Automatically screening 3rd parties and business partners – not only during the onboarding process but also on an ongoing basis – and monitoring specific processes like travel and expense, procure to pay, or order to cash, etc. to flag, or even block, suspicious or risky transactions and business relationships;
Automating duty optimization checks for international trade to provide the organization with the ability to react immediately to shifting trade regulations and tariffs, and drive significant savings through duty reduction and trade agreements;
Or finally, embedding business controls and checks directly within the processes to not only ensure compliance but also improve reliability and consistency across global operations.
Together, this creates an exception-based approach where processes, transactions and threats are continuously monitored, and any deficiencies are raised to the right stakeholder – automatically and in a timely manner. This makes Governance, Risk, Compliance and Security proactive so that organizations no longer react after the fact, when it’s too late.
In summary, it gives a single view of risk. And to visualize this, the SAP Digital Boardroom is, in my opinion, the perfect platform, since it can leverage information from these solutions and tie it back to the company’s objectives while still allowing slicing and dicing of data and further drill-down as required.
They say that data is the new oil, right? Well, if “Digital Trust” in an Intelligent Enterprise is the level of confidence in people, processes and technology to build a secure digital world, then I do think that next-generation GRC capabilities highlighted in this slide are necessary to implement Digital Trust, and protect this new oil.
What about you, what are the next-generation GRC tools and processes that you are investigating? I look forward to reading your thoughts and comments either on this blog or on Twitter @TFrenehard