When surrounded by risk, GRC automation can help
Unpredictable, chaotic, challenging — these are our favorite go-to words to describe today’s environment. Many of us hope that we’ll wake up and find that this was all a movie. In the opening scene, we have the pandemic villain. In the very next, we have the everyday heroes who never planned to be — nurses, grocers and delivery workers. Both visible and behind the scenes, these heroes give us confidence that we can reach a happy ending, just as we have in other crises.
One of the unsung heroes of the past six months has been accountants. Accountants played (and continue to play) a critical role in promoting the public interest and serving as trusted advisors. From audits, taxes and advisory services to strategy and helping with the Paycheck Protection Program, accountants were deemed essential and have worked around the clock to provide guidance and assistance with shifting regulations and due dates.
Within corporate environments, accountants are also essential team members when it comes to governance, risk and compliance (GRC), as they ensure that the business’s strategies and goals are in alignment, risks are identified and addressed, and the business complies with laws and regulations. GRC is always a key responsibility, but it’s even more critical when processes could be compromised due to factors outside of an organization’s control — for instance, an unplanned move from a physical to virtual workplace in only a few days.
Recent events have shown us that organizations already using cloud-based technology were in a much better position than those that were not, and the pandemic environment has magnified the vulnerabilities associated with reliance on manual processes and disparate systems. In particular, moving from a single physical environment to one spread across multiple virtual locations without adequate security and safeguards in place has introduced unexpected risks that are not yet fully realized. This is one of the many reasons why it’s time to re-imagine the ideas we used to think would never work, including how and when technology can be leveraged to improve the GRC function.
GRC in a pre-COVID-19 environment was already complex with many moving parts. Add in a sudden shift to virtual business processes and now there are even bigger potential fires around every corner. But that doesn’t mean you get a pass. Decision-makers expect information that is reliable; regulators require compliance and reasonable assurance that financial reports are materially accurate; the public needs insight to make informed investment decisions. On top of these business-as-usual expectations, the complexity of COVID means that GRC teams must be able to assess new risks, comply with changing regulations and revise governance processes, while balancing speed, relevance and accuracy.
Implementing technology that can automate, predict and adjust compliance processes makes these expectations more manageable. Technology solutions that leverage artificial intelligence and machine learning also make it possible to segregate duties, undergo internal audit assessments, model risk, and analyze errors and policy violations so that risk is decreased and control is back in the hands of the finance team.
The light at the end of the tunnel seems distant, but for all its pain, suffering and disappointments, COVID did help us make lemonade out of lemons. For instance, in a recent conversation with business leaders, I learned that transformation plans are expected to accelerate (not slow down) due to the pandemic, paths forward are being re-imagined, and technology projects now have a greater sense of urgency. In the past, a failed technology implementation was so daunting that many leaders would not risk having a failure on their resume, which made it easier to just kick the can down the road.
Current events have shown that, while the fear of a technology failure hasn’t gone away, the potential benefits have surpassed the dread. Standing still is not a viable business strategy, and speed-to-market, winning customer mindshare, and competitive advantage are all considerations as businesses assess the path forward. Fortunately, in either circumstance of new systems planned or those already underway, there are technologies that can reduce the risk of failure. GRC cloud solutions that include AI-driven risk analysis tools help anticipate risks and track resolution, as well as continuously monitor access policies while onboarding new users, changing role assignments or designing new roles.
When I served as a chief information technology officer, I couldn’t count the times that “temporary” access would be requested or new work assignments would occur — providing team members with more access than needed and creating an easy target for audit team findings. Almost 16 years later, I am happy to note that technology has evolved and improved with time — better and more extensive functionality, improved deployment options, integration that reduces the need to move sensitive data to less secure systems for analysis, and to my delight, no spreadsheets to manage workflows. It feels like dinosaurs were roaming the Earth compared to the current technology options that allow GRC professionals to automate high-risk processes across procurement, accounts payable, accounts receivable and the general ledger.
Technology is not the silver bullet to every business challenge. However, there’s no denying the benefits of analyzing requisitions, purchase orders, invoices, expense reports and orders using AI and machine learning. In a pandemic environment, new risks — both predictable and evolving — will occur, and GRC professionals must have tools to not only calculate the likelihood and impact of risks, but to comply with regulations that mandate highly controlled internal controls, integrity over the financial reports and the safeguarding of user-designated consent parameters.
Ensuring alignment with the mission, purpose and values of the organization, while simultaneously achieving business growth and satisfying stakeholders, was already keeping executives up at night. Now, things like natural disasters, economic uncertainty and the current pandemic have piled onto an ever-growing list of concerns. While external pressures may not let up in the short term, leveraging technology solutions that automate risk and compliance processes will give GRC professionals at least one less sheep to count.