Burgeoning social media streams, improved data capture and analytics, and a proliferation of mobile devices and cheap storage media have left most companies responsible for protecting an unprecedented amount of data -- and facing endless governance, risk and compliance (GRC) strategy headaches as a result.
But these advances can be a blessing and a curse to GRC programs.
"There's a tremendous opportunity for us to improve the services offered by our companies," said Norman Marks, a vice president at the Walldorf, Germany-based software maker SAP AG, during a session at the Governance, Risk Management and Compliance Summit in Boston last week. "We can't afford to stay the same when everything around us is changing."
Marks led a session on "The Risk and Compliance Impact of Emerging Technologies," which examined the risks surrounding the increasing number of social media platforms and mobile devices in the workplace and how, when properly managed, these technologies can be leveraged to companies' benefit.
For example, the risks associated with social media data receive a lot of attention, but Marks encourages enterprises to use social media to address risk. With social media analytics, risk managers can learn a lot from data culled from social media applications.
"What are people saying about my company? What are people saying about my products?" Marks said. "You can actually use social media analytics to monitor and understand your risk levels."
The problem, Marks said, is that most companies don't take advantage of available technology. For instance, the most recent financial information CIOs can get their hands on is often from the end of the previous month. Retail stores need operational reports quickly to see what's selling and what isn't, which allows them to replenish inventory and complete other business tasks. But the volume of data is increasing so quickly that they often don't have the tools to run their businesses effectively.
That's unacceptable in today's business environment, Marks said.
"How can you make good decisions based on six-week-old information?" Marks asked. "If you want to make risk decisions, if you want to know if you are in compliance, you need current information, and it also has to be reliable."
If technological advances have led to a data explosion, and business processes are happening faster, companies need to be able to handle risks faster, Marks added. Instead, many risk managers are stuck in the dark ages, thinking it's OK to do a quarterly risk assessment and leave it at that.
"I talked to one company that actually assesses risks every two years, [while] other companies [do so] every year," Marks said. "How can you do that in this environment? The risks are changing too quickly."
Several GRC tools on the horizon could help. More vendors are developing mobile business intelligence capabilities that provide real-time data updates to mobile devices, Marks said. This would enable decision makers to review risk information and make GRC strategy decisions wherever they are, in real time.
Predictive analytics capabilities are expanding in the GRC tool market as well, Marks said. They are designed to help companies spot risk and compliance issues before they become problems. "Companies are coming up with new software that takes your historic trends and tells you, somewhat, what could happen in the future -- it's very good for risk management," he said.
Of course, you do have to make sure the information you're getting from these GRC tools is reliable -- and be aware that they sometimes create risks themselves, Marks noted. In addition, the amount of data being produced continues to grow, but most companies are not putting more funds or resources toward handling the deluge, or the risks associated with it.
But consider the flip side: The information you need to make intelligent decisions is at your fingertips, so you'll have the ability to observe risk and compliance information in real time. You'll improve your compliance monitoring and be able to quickly intervene before risks turn into major issues.
"The new generation will be so comfortable with technology, it will have to change how we run our risk management and compliance processes," Marks said. "The faster you can understand emerging risk, the faster you can respond."