Great ideas are often not populist. Take for instance what Confidence Governance® Founder and Emerging Technologies Investor and Evangelist Mr Bhavesh Bhagat (Twitter: @bbhagat) stated in a recently concluded IIA/ISACA conference.
During his keynote, one of the most controversial statements, well for some who still believe that the old ways of Governance, auditing and assessing Risk and executing Compliance still exist, made was the fact that GRC is as dead as dodos.
Given a world where the line between coterie and masses is as thin as nanometer, where NSA leaks are a constant, where major processions can be staged with mere tweets, where freedom to speech and social media journalism are the buzzwords, Bhavesh drilled an important point:-GRC needs a complete reboot.
So how does one do that?
Imagine a world where 45 million photos are uploaded on Instagram EVERY DAY, 100 hours of Video are uploaded onYoutube every minute, massive amounts of data are shared through Cloud, USB, DVDs and works. Information of all types from profane to profound, changes IPs every moment; big Data sets in, analytics of unseen scales are being coded out. There is more and more transparency setting in every human-tech interaction. Think of all this and so much more that is happening as you read this and you get the drift of why GRC is a nightmare and the conventional one is dead already.
So how does one tackle it?
The answer lies in internalising Governance, Risk and Compliance as a component of doing business as opposed to it being a layer that is plugged later on. GRC should be more than just documentation and workshops on what is Risk, how to manage it et al. It should be built into the system, into the business ecosystem from ground up to be functional. It should be a part of the ERP as opposed to being an external layer, charging you a bomb for its redundant services. Real Risk assessment comes from the business acumen and not software and therefore the old GRC modules that dictated the way you should do information transactions should be replaced by businesses that dictate what GRC should do for them without being a chore themselves.
And to achieve this, Governance Professionals need to do some soul searching to find answers. Well, for their own survival Now!
And before you label us as the Naysayers or Critics of GRC as a trade, let’s clarify that we are Realistic and Pragmatic Emerging Technologies Governance Risk & Compliance Professionals trying to put some sense into the domain. Sooner the trade acknowledges, better and secure your business gets.
To download Mr Bhagat’s ppt on Emerging Technologies, please click here.