by clicking the arrows at the side of the page, or by using the toolbar.
by clicking anywhere on the page.
by dragging the page around when zoomed in.
by clicking anywhere on the page when zoomed in.
web sites or send emails by clicking on hyperlinks.
Email this page to a friend
Search this issue
Index - jump to page or section
Archive - view past issues
GRC Professional : GRC Summer 2013
32 GRC Professional • Summer 2013 ROUND TABLE THE BIG ISSUE What is the value to your clients of intelligent GRC software and will the day come when technology surpasses the human factor in this arena? Most GRC software packages are nothing more than relational databa ses that, if well designed and properly implemented, allow organisations to manage risks, compliance tasks and incidents more effectively. The old adage of "r ubbish in, r ubbish out" applies to GRC software as much as it does to any other relational database. The key to successful implementation is ensuring the core capabilities of your chosen GRC software can deliver desired outcomes. Organisations that get these things right will achieve a significant return on their investment. This will largely be obtained through enhanced decision-m aking capabilities (achieved through greater transparency of non-financial data) and enhanced productivity (achieved through greater personal accountability). The inefficiencies (not to mention the expense) of throwing people at the problem, armed with paper checklists and excel spreadsheets, should be obvious to any observant manager. This is not to say that effectively selecting, designing and implementing GRC software is child's play. It requires vision, commitment, focus and discipline and having someone with sufficient expertise and management clout to take ownership of the project. Vendors continue to improve their offerings with "mobility" and enhanced graphic reporting. But the day will not come when technology surpasses the human factor in the GRC arena. The sheer volu me of data generated today requires a combination of technology and human intelligence to direct strategic decision-making. Easily understood GRC software establishes clear and consistent processes for assessing, understanding and managing risk. It allows for transparency within an organisation, the clear definition of ownership of risks and compliance obligations and it facilitates knowledge transfer in times of organisational change. Our systems create consensus on risk framework criteria, provide greater visibility or risks and compliance across the organisation, gives the board and senior management assurance on key risks and assists in the management of incidents within the organisation and their impact on ongoing risk assessment and mitigation. But system s will never replace the application of human intelligence -- and their value will always depend upon the quality of information put into the system and to what degree it is embraced by an organisation. As computer pioneer and inventor Charles Babbage said -"On two occasions I have been asked, "Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out?" ... I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question." JAMES FIELD, MANAGING DIRECTOR, COMPLISPACE KIM WILSON, MANAGING DIRECTOR, TICKIT SYSTEMS The concept of "intelligent" GRC software is a misnomer. ' Easily understood GRC software establishes clear and consistent processes. '
GRC Spring 2012
GRC Autumn 2013