It is well documented that TPRM leaders continue to invest in GRC platforms to enable risk operations. In TPRM Forum’s recent survey, nearly 40% of TPRM leaders indicated investment in a GRC platform will be their leading action to mature and enhance capabilities.
So why are some TPRM leaders experiencing sub-optimal GRC performance?
Governance, Risk & Compliance platforms, like any sophisticated technology tool, offers significant capabilities. While user friendly, they require significant integration, workflow design and ongoing maintenance. This is not a trivial level of effort and requires the appropriate skills to realize the intended value.
TPRM Forum’s PULSE Assessment methodology documents a TPRM organizations maturity in addition to operational risk and environment complexity. Through these efforts, TPRM Forum observes a consistent result: TPRM operations with dedicated, technically capable GRC Platform Administrators achieve greater maturity, operational capability and significantly more value from their GRC platform. Unfortunately, true dedicated GRC Platform Administrators are in the minority of TPRM operations today.
Perhaps GRC platform providers contribute to this challenge as they highlight the flexibility and ease of use of their technologies. ‘Drag-n-Drop’ workflow creation and well-designed user interfaces may mislead TPRM leaders as to the underlying complexity, creating an impression a technical role is not required. When GRC Administrator role is missing, TPRM Forum observes significantly lower levels of GRC platform utilization, integration management and maintenance challenges and continued proliferation of other solutions, limiting the GRC platforms ability to achieve comprehensive, cross-organization integration.
A GRC platform is the core underpinning of risk operations. Make certain to include budget for a technically competent platform administrator to realize the intended value and benefit.