Does Governance, Risk and Compliance Management Love Process Improvement?

In the last few months, I have seen many companies run process improvement initiatives completely disconnected from their Governance, Risk & Compliance (GRC) Management projects. They don’t just use different tools; they also set up disconnected teams, which makes it difficult to deliver a sustainable GRC project, because the project is not mapped to processes and business objectives.

The Deutsches Forschungszentrum für Künstliche Intelligenz (DFKI) examined three complex drivers for compliance externally imposed on organizations:

  • heightened complexity of business processes with an increased number of process interfaces
  • rising frequency of process changes
  • a continuously growing amount of compliance regulations

To me, it’s obvious these drivers also drive process improvement, but the question remains: “What should a process improvement/GRC platform provide to leverage synergies from both disciplines?”

#1 Technology:

A GRC solution should be built on a consistent set of data and should have a connector for all relevant regulations, requirements, and risks. The perfect connectors are processes. They visualize the relation between the assets; they enable impact analysis (which process is affected if a certain regulation changes); and they map GRC to operations and then to monitoring. The solution should also support workflows for defining and communicating rules, instructions, and controls, and for documenting GRC activities. For more best practices in identifying the right GRC platform, read “Efficient Support for Internal Control Systems via a GRC Software Platform” or visit the ARIS GRC lounge.

If you’re looking for a third-party review of GRC platforms, download the latest Magic Quadrant for Enterprise Governance, Risk and Compliance Platforms.

#2 Organization:

Technology is important, but don’t forget the organizational integration. Blended teams of process improvement and GRC experts tend to get the best results. Bringing these teams together leads to better processes with lower and transparent risks, 100% regulatory compliance, faster and cheaper audits, and overall higher security for less cost.

#3 Technology + Organization:

Process Improvement and GRC are two of a kind: both are about visibility, accountability and adaptability. As a matter of fact, many process improvement initiatives lead to higher risk and regulatory awareness and thereby inherently define the purpose for GRC. The same principle applies in the other direction: many GRC initiatives lead to process thinking, which drives the need for process transparency and management. Integrating process improvement and GRC technology, as well as blending their teams, is important for business success.

They don’t just need each other; they can’t exist without each other. Yes, it’s true: GRC and Process Improvement are in love with each other. What about you? Do you have process improvement/GRC love stories to tell?

About Joerg Klueckmann

Joerg Klueckmann is head of Enterprise BPM at Software AG. He studied sociology, business administration and intercultural communication at FSU, Jena, Germany, and at Louisiana State University in the U.S., where he graduated with distinction. Prior to joining Software AG, Joerg was head of product marketing at Intershop and IDS Scheer. He has written numerous articles about business process management, business innovation and process intelligence.