September 26, 2019 | Written by: David Marmer
In my May 2019 blog, “Has GRC Reached Its Tipping Point? Observations From The Front Lines”, I described a set of common patterns that are driving business initiatives in Governance, Risk & Compliance. These highlighted that:
- Organizations are transforming their GRC frameworks,
- They are driving to realize greater benefits from already significant GRC investments, and
- There is an increasing focus on GRC solutions that are more forward-looking in their guidance.
These patterns can be summed up in one phrase: “GRC is Everyone’s Business”. This applies to every industry, especially highly regulated ones, such as Financial Services, Healthcare, and Industrial organizations. We see clients with this enterprise view of GRC looking to cover Operational Risk, IT Risk, Supplier Risk, Model Risk, SOX, Policy Management, Compliance, and Internal Audit in a connected, integrated approach.
This statement is not an exaggeration: we are witnessing first-hand client after client emphasizing a desired culture for risk and compliance that is inclusive, consistent, and one that drives performance with confidence. Specifically, we see the execution of a “GRC is Everyone’s Business” strategy manifesting itself in three areas: Confidence, Efficiency, and Transparency.
IBM OpenPages with Watson continues to invest in providing our clients with what they need to move forward in each of these areas.
Confidence – Why GRC needs to get more personal
Organizational confidence is driven by many factors, such as data accuracy, transparency of operational risks, connecting those risks to processes, and ensuring the right people are engaged in thoughtful risk management. As such, the market is demanding more participation from all levels in their businesses, especially the first line of defense (Line Management) (see Figure 1). IBM has enabled OpenPages with Watson (OpenPages) to engage all lines of defense with a new task-oriented user interface and embedded visual workflow designed to engage the first line of defense without training. We have invested in new views, visualizations and a personalized workspace engaging everyone to be more productive and effective in managing risk. This approach to GRC ensures a risk-aware culture and allows everyone to efficiently participate in managing important risk and compliance activities.
Figure 1: GRC Gets Personal – Improving the Culture for Risk & Compliance through personalization
From our experience in the field, we believe that for organizations to engage more users, their GRC system must become more relevant and personalized. This user personalization can be seen throughout OpenPages, starting with the new personalized workspace that is fully customizable by each user through panels that can be added, removed and hidden (see Figure 2).
Figure 2: OpenPages Homepage Workspace
Increased confidence starts with accurate and complete data. The OpenPages Task Focused User Interface uses visual cues, validation messages, and floating guidance, and can make classification recommendations, to ensure the first line of defense can easily and accurately capture needed information (see Figure 3).
Figure 3: Visual cues for improved data entry and quality
Users can always see their tasks, and the tasks of their team, to ensure risk activities, such as assessments or tests, are proceeding as expected to conclusion (see Figure 4). This allows for more coaching and less policing of activities.
Figure 4: OpenPages Task Oversight View
Efficiency – Agile GRC and pre-built solutions drive efficiency
Clients are also demanding that new use cases be delivered faster and updated more frequently to reflect the volatility in their business. With our recent release of OpenPages, we have delivered a truly agile GRC. OpenPages uses visual design for UI and embedded workflow, promoting a transformative, agile collaboration between business and IT (see Figure 5).
Figure 5: Visual studio for creating guided task workflow and user interface
Built on top of the OpenPages UI and workflow, the solution delivers pre-built content that can be further configured or customized, improving the time to market for clients’ risk programs. For example, for the Regulatory Change Monitoring/Horizon Scanning application, there is a prebuilt integration to Thomson Reuters Regulatory Intelligence (TRRI) that supports over 900 regulatory sources to both monitor and map regulatory events within OpenPages (see Figure 6).
Figure 6: Pre-built content example for Regulatory Change Monitoring
With this integration and agile workflow, we are able to identify and triage applicable events and alert the appropriate stakeholders. This allows for appropriate prioritization and classification of events and reveals the potential impact to their obligations, associated policies, procedures and controls (see Figure 7). This enables organizations to more effectively manage the over 58,000 regulatory events that occur annually.
Figure 7: Regulatory Change Monitoring and Impact
Transparency – Designed for single view of risk across all domains for all users
Finally, customers need a better, holistic view of risk and compliance across the enterprise down to every employee and supplier. The OpenPages common risk library and single data model ensure consistency and holistic views of risk and compliance. The result is a powerful shift for our clients away from purely “What’s Happened?” to also include “What’s Coming?” using advanced analytics, visualizations and AI.
For example, OpenPages applies interactive tree maps to explore how information such as assessments, business entities, processes, resources, products and controls are all connected in the organization, allowing a complete view (see Figure 8).
Figure 8: OpenPages Tree Map
OpenPages also provides new styles of embedded heat maps and charts that can be either zone-based or count-based, providing individuals a fast way of determining areas of focus and impact (see Figures 9, 10).
Figure 9: OpenPages Heat Map
Figure 10: OpenPages embedded charts
All of these innovations have come from working with our clients and partners through our Design Thinking practices, which allow for frequent input and playbacks with our sponsor users. We are grateful that we have outstanding participation and collaboration across our client base. OpenPages with Watson continues to change the game for our clients, enabling the transformation of their GRC framework through standardization, faster use case delivery, greater user adoption and satisfaction.