Continue to Site

Four questions about GRC solutions answered

As the world continues to change, consider leveraging technology for your GRC program

By Szuyin Leow November 16, 2020

Governance, risk and compliance (GRC) are essential business functions that keep organizations on track with effective decision making, risk mitigation and control and compliance with all industry standards. Tracing GRC processes can take many shapes or forms, depending on the organization and its needs. However advanced the organization, spreadsheets and email just don’t cut it anymore when it comes to tracking GRC. Better technology is available to consistently evaluate the effectiveness of security controls, outline protocols to prevent worker injuries and major accidents, measure and mitigate risks or assess risks as new standards are implemented.

Unfortunately, we don’t get a “heads-up” when something bad is going to happen. COVID-19 is a perfect example of this. Many plants are feeling the impact of COVID in various ways, such as altering what products are produced, speeding up processes, forcing shutdowns or accelerating the adoption of automation. As a result, the GRC function is increasingly pertinent.

As warehouses and manufacturing facilities increase their use of technology, it might be a good time to consider a technology solution to assist with GRC. GRC solutions can help automate processes, create repeatable workflows and quantify risk.

As a customer success manager, I have a front-row seat to companies across various industries as they implement GRC solutions. Through that work, I’ve seen four common questions emerge.

1. What do I need to do before implementing GRC tech?

Smart companies want to make sure they are set up for success before they invest in any sort of technology. When it comes to GRC technology, businesses must “align and define.” The company must align on a common goal and define the existing processes around governance, risk and compliance.

The implementation process does not have to be complicated. It can be simplified by avoiding the bells and whistles at the start and focusing attention on the program must-haves. Building around the necessities and innovating from there will set up a GRC program for success.

2. How can I help my company work cross-functionally?

Most companies are looking for ways to improve collaboration among departments. To tackle an issue like risk, there must be buy-in from across the organizational structure. An organization-wide culture of risk must involve stakeholders from all levels and departments in the business. All employees should be empowered to bring up any potential risks they see to cultivate a strong culture.

3. What are the best practices for GRC?

A great way to improve internal processes is to learn from what others are doing. While there aren’t any one-size-fits-all practices we see in tackling GRC — regardless of the industry — all great processes center around being agile. Industry requirements and government regulations are constantly shifting so you must leverage technology to keep up with all the changes. Finding a solution that allows you to easily modify policies and procedures will help tremendously. Don’t forget to lean on your technology partners for templates and best practices, especially ones specific to your industry.

4. How can I encourage adoption?

Any time new technology is introduced in an organization, securing buy-in is essential for adoption. When investing in a GRC solution, the best way to ensure user adoption is to get your team involved from the beginning. Ask them questions and get their feedback. The more ownership you give them, the more likely they are to make use of the new technology.

Manufacturing plants and warehouses face risks across the board, but by creating a culture of risk and implementing a GRC solution, you are able to mitigate some risks and take on other, more strategic risks to increase business value. As the world continues to change at a rapid pace, consider leveraging technology for your GRC program.


Author Bio: Szuyin Leow is a director of customer success at LogicGate. She works with LogicGate’s customers and partners to operationalize their governance, risk and compliance objectives to deliver meaningful results and value through the LogicGate platform. Prior to LogicGate, she worked as a cybersecurity GRC consultant at PwC advising clients across multiple industries on their Information Technology and IT Security programs.