The Latest

22 February 2022: MetricStream has launched software solutions for governance, risk and compliance (GRC) that generate quantified, AI-powered risk insights for business growth, cybersecurity, and environmental, social and governance (ESG) reporting compliance. The SaaS company’s line of GRC software products address enterprises’ manual processes for GRC reporting with automation and improved visibility. The solutions consolidate fragmented and siloed data sources required to report on GRC.The solutions are available as three pre-configured packages, with the end goal being to enhance enterprise ESG scores.

Why it’s Important

Organisations with a lack of GRC capabilities can surfer from weaker strategic and operational processes. Without clear accountability and ownership, they run the risk of operating outside compliance boundaries, potentially with penalties and regulatory sanctions.

The purpose of GRC is to provide a centralised risk repository and reporting, in theory, leading to better transparency through enterprise regulation measures.

While it is possible to implement GRC within existing business intelligence and data management tools, not all Australian organisations can deploy GRC this way due to limited expertise and capacity constraints within the analytics teams. Furthermore, unlike in large enterprises where robust BI tools are integrated into their core information repositories and external data sources, small and medium enterprises have yet to achieve a more mature data management capability, and lack the budget for analytics and information management teams. In the end, compliance reporting costs them a lot of their financial resources to be at par with the quality of reporting that regulatory offices demand from them. Pre-configured GRC and ESG reporting tools may be a more viable option for these enterprises.

IBRS believes that GRC is becoming increasingly important among Australian organisations and will impact them across industries in terms of transparency through systemic workflows where real-time insights can be used to guide decision-making that meets minimum requirements from regulatory changes.

Who’s impacted

  • Business analysts
  • Risk managers

What’s Next?

Organisations need to be familiar with GRC and how they can best create a culture of compliance that ensures active oversight and adherence to applicable laws and regulations. Senior executives can drive a culture of transparency and efficient risk management by engaging in programs that meet GRC expectations, through compliance participation and implementation of preventive measures. This will improve risk control and promote good governance and organisational ethics.

To overcome the complexity of ‘build-it-yourself’ GRC and ESG reporting, consider if GRC software tools may complement the organisation's existing analytics platform through add-on solutions or dedicated products that make it easier to produce audit, accreditation and governance risk management reports.

Related IBRS Advisory

  1. IBM Acquires Data Analytics Firm Envizi
  2. More Evidence for Cloud Leading Sustainable ICT Charge