Swiss GRC

The GRC Evolution driven by its natively inherited privilege


When hearing the acronym GRC, which stands for Governance, Risk and Compliance, practitioners familiar with the term intuitively associate it with a heavy regulatory burden, formal and rather cumbersome compliance procedures and deadlines, painful internal and external audits, and huge costs.

Nevertheless, following the emergence and adoption of internationally recognized ERM standards such as COSO in the mid-1980s, and regulatory-driven topics such as Operational Risk Management (Basel II) in the early 2000s, GRC has emerged over the years as the most widely used, recognized, and globally adopted standard for corporate governance.

The GRC domain has gone through various stages of development and is constantly evolving. It has succeeded in improving its image in recent years and is about to step out of the shadow of the unjustified bad reputation described above.

In this management summary we will take a brief look at what has changed and what the main driving forces of this “Next-Gen” GRC are, and will focus on the most appealing and promising GRC developments and trends going forward.

The Unique Position of GRC

As its name suggests, GRC aims to consolidate, streamline, and visualize all topics relevant to the transparent, compliant, secure, resilient, and successful management of an organization. Other stand-alone domains in this field, such as the management of different types of risks, KYC, AML, Fraud Detection and Prevention, Business Continuity and Performance Management, are unfortunately often seen, treated, and practiced as isolated silos. Compared to them, GRC has this “natively inherited privilege” of serving as THE unifying information and management platform, starting with users at the lowest levels of an organizational structure and reaching up to the highest level, the management and C-level users.

Core Characteristics of NextGen GRC

Consequently, this exceptional position and privileged status of a GRC platform within an organisation, compared to other decision support and executive information systems and platforms, implies and evokes much higher expectations on the one hand and a considerable degree of credit, trust, and reliance on the other. This without any doubt calls for higher reliability, quality, and performance standards.

Based on this, the first three main characteristics of a mature next-gen GRC platform, which emerge almost as a matter of course, are Adequacy, Relevancy and Actionability.

So, let’s start with the first two. Adequacy and Relevancy are often, and unjustly, used interchangeably. Implicit and self-explanatory in nature, they have been the main GRC characteristics since day one.

Adequacy means that the generated GRC insights, and the actions and decisions they trigger, are based on the right and sufficient data and inputs. This is one of the basic characteristics of any decision support or executive management system, serving as a reliable foundation on which the rest can be built.

Relevancy, on the other hand, means that the generated GRC insights are correctly distributed and reach the right audience and the right recipients at the right places, so that managers and decision makers can make well-founded and informed decisions.
Mastering these two is a prerequisite. It is simply the baseline, a must.

Actionability, what does it mean? Traditionally, executive information systems and dashboards were there just to visualize consolidated figures. They were primarily there to inform the right recipients in the right places of the organization, hopefully with the right and sufficient data. Gradually, the distribution of tasks and actions and the initiation and monitoring of workflows, in other words the Actionability of GRC insights, has become an indispensable requirement of any GRC platform. It is no secret that many GRC providers have originated from the BPM industry, extending their business process management platforms into the GRC domain.

Timeliness and Forward-Looking: Key Differentiators

So far so good. As we continue exploring, we will notice that the following characteristics start playing a decisive role in the context of the perceived and effectively occurring GRC image “improvement”, the evolution and establishment of the Next-Gen GRC, accompanied by its even wider adoption.  

Having described these first three characteristics of a GRC platform, we have reached a point where we can say with a relatively high level of confidence that 1) the vast majority of GRC platforms available on the market today support these three MUST criteria, to differing extents of course, and 2) that unfortunately, for many of those providers, the GRC innovation journey has stalled here.

So now it starts getting interesting, because the following characteristics represent THE main differentiators in the GRC industry and perfectly foster, facilitate, highlight, and underscore this unique and natively inherited privilege of GRC and its importance to a maximum.

Innovation and Competitive Advantage through Timeliness

Timeliness addresses the aspect of WHEN: the timing, and how fast the GRC insights and the subsequent actions reach their recipients and decision makers. Looking back in time, the traditional and still widespread understanding of the GRC concepts has represented, and for many unfortunately still represents, a rather static universe. Data gathering, analysis of information, generation of insights and distribution of actions have followed a formal and rather “comfortable” time pattern. This is one of the main reasons for the widespread perception of GRC as “just” a collection of compulsory and cumbersome procedures to be followed on a regular basis.

This aspect of GRC is undergoing significant change as we speak and at the same time offers tremendous potential for innovation, differentiation, and competitive advantage.

As we live in a very dynamic world with constantly changing behavioral patterns, where new risks and threats are emerging almost every single day, we cannot afford to act (or rather REact) following this “comfortable” time pattern of data gathering, data analysis and generation of valuable insights. To be fair, we need to recognize that there were attempts in the past to bring more dynamism into this static world, for example by extending the usage of KRIs and KPIs. But unfortunately, this has not been done in anything close to the manner and pace that would correspond to the pace and dynamics of the real world, with its real and highly dynamic threats and risks.

The Future of GRC: Combining Timeliness with Forward-Looking Insights

Innovative GRC platform providers have recognized these deficits and shortcomings in the traditional concepts and are already successfully implementing modern Next-Gen GRC approaches in which Timeliness plays a key role and represents a major success factor for them and their customers.

There is, however, one more important factor to consider. Timeliness has its “twin sibling” without which the positive effects of Timeliness alone diminish significantly.  

So, let’s talk about the next key characteristic of the Next-Gen GRC platforms. It relates to the PERSPECTIVE or the DIRECTION of the data gathering, data analysis, and generation of insights. Traditional GRC concepts are mainly focused on historical, Backward-Looking data, data analysis, quantification, and generation of insights.  

Is Backward-Looking data and data analysis important? Of course, it is! … Is it sufficient in our modern and highly dynamic and complex world? Definitely not! 

So, what we are looking for is also the equally important Forward-Looking way of data gathering, data analysis and generation of insights.

Forward-Looking means constantly reflecting and analyzing the NOW and the PRESENT and being able to generate timely insights for the FUTURE based not only on historical, past, or simulated data, but on real data of the present, of the now. This gives the necessary perspective, directions, and hints of what is coming ahead, of the dynamics of our complex world, so that we can proactively act, decide, and adjust, long before risks and threats materialize.  

The master discipline of combining Timeliness with Forward-Looking mechanisms in the GRC space, along with the usage of all traditional and well-established GRC methods and approaches, is the core success factor for every GRC practitioner dedicated and committed to excellence.

Join the Swiss GRC Community

If you are interested in understanding how exactly companies and GRC professionals striving for excellence are managing this transformation from a traditional to a NextGen GRC setup, what new methods, approaches and technologies they are using, how they are adapting existing processes and defining new ones, how their mindset is evolving during this exciting journey of innovation and discovery, then join our Swiss GRC community, follow and participate actively in our discussions, webinars and events. We would be glad to hear from you! 


Nikolai Tsenov

Nikolai Tsenov heads the Product & Business Development department at Swiss GRC. He is an experienced expert in consulting, product and project management, business development and sales with over 20 years in the industry. His areas of expertise include risk and performance management, compliance, fraud detection and prevention, AML and data analytics.
