There is an imperative to improve governance, risk management and compliance processes to better manage risk, address increasing regulatory requirements, increased executive accountability and the fragmentation of information. It is about getting the right information, to the right person, at the right time. (Isn’t that knowledge management too? )
What is the information problem?
- Managers need to know, anticipate and respond quickly and correctly
- Stakeholders expect reliable and transparent reporting
- Time and resources are spent searching for data
- Data overload
- DINK – Data Is Not Knowledge
It is not about “check the box” compliance it is about improving your business.
Lee thinks governance, risk and compliance should be viewed comprehensively and leverage common systems. Integrated systems can help overcome silos. The key is a single source of the truth.
The goal is to get GRC embedded in the core processes. To be “in the flow” instead of “above the flow.”
Lee is seeing organizations adopting the business concepts of integrated GRC (even if they do not call it GRC).