In his post on the Gartner Blog Network, “Digital GRC: The Dawn of a New Era,” John Wheeler predicts that a new ecosystem of governance, risk and compliance (GRC) technologies is poised to disrupt the current thinking about and approaches to GRC. He defines digital GRC as the emerging software applications such as document management solutions that address the challenges posed by hybrid cloud infrastructures, social media, mobile devices, big data, and the Internet of Things (IoT).
The article reflects the growing importance of risk-based thinking, assessment and risk mitigation. Businesses can no longer thrive by tracking and analyzing problems; demand has skyrocketed for predictive tools and technologies that help identify and mitigate risks before they impact business continuity or compliance.
The Digital Disruption for GRC
According to a Gartner survey mentioned in Wheeler’s post, “65% of CEOs see their risk management disciplines falling behind” in today’s age of digital information. The challenge stems from the rapid rate of progress. The same technology advances that have expanded markets and global opportunities have complicated GRC beyond the old standard of ‘document control’. Businesses are more connected than ever, and digital information has become much more prevalent and dispersed.
Since traditional GRC methodologies and oversights break down rapidly when digital information travels beyond the firewall and into the cloud or onto a smart mobile device, businesses need tools that are tailored for the digital world. Symptomatic of the lack of adequate tools, many organizations are grappling with “shadow IT” or the deployment of unsanctioned tools.
Document Management Helps Bridge the Gap
Rather than adopting a passive attitude about digital GRC, businesses can immediately take steps to mitigate risks and build a smarter foundation for future tools and approaches. A document management solution (DMS) with integrated support for process workflows can automate the oversight of digital assets inside the firewall as well as in the cloud or on mobile devices.
As a foundation for the organization’s information architecture, a best-in-class DMS can benefit many GRC-related tasks and processes. Tighter controls and improved visibility over compliance-critical documents mitigate numerous risks. For example, centralizing digital assets and providing a single, secured copy of all content avoids the temptation for employees to engage in risky behaviors such as duplicating or copying sensitive content to their mobile devices. The faster searches that result make it efficient and easy for employees to do their jobs, and also make it possible to locate and track all sensitive content and assets relevant to GRC.
Other GRC-friendly DMS features include the ability to tag content, which makes compliance documents and evidence files extremely visible and facilitates automated management of those GRC assets. Tagging also creates relationships between various types of GRC content and supports a broad range of automated functions and tasks that can be implemented by the DMS. These include automatic monitoring and flagging of violations or risky behaviors and the rapid invocation of preemptive actions.
These capabilities make it possible to integrate GRC rules and policies into digital content today. Businesses can take steps now, prior to the availability of specialized digital GRC tools, and optimize information architectures in anticipation of the predicted changes to come.
The Low-Risk Way to Bolster Digital Risk Mitigation
The potential for disruption makes digital GRC a trend to watch, and should encourage businesses to evaluate the current information foundations and management strategies that will either impede or streamline the adoption of future risk mitigation methodologies and tools. With the right document management solution, businesses can enjoy immediate benefits that stem from faster searches, automated workflows and increased security. In the long term, the DMS market will most certainly build on previous successes for compliance-related tasks and offer roadmaps that take into account the currently evolving digital GRC approaches and solutions.
If you are interested in learning more, here’s John A. Wheeler’s complete post “To GRC, or Not to GRC?” on the Gartner Blog Network.