The term “digital transformation” has been a topic of conversation for decades as organizations continue to be on a path of modernization and optimization. This transformation is indeed a journey, including migration to cloud-based infrastructure, shoring up cybersecurity measures, implementing software solutions to provide valuable insights, and more. As digital transformation continues, it is no surprise that the most successful businesses today rely on a host of technological solutions to run day-to-day operations.
Managing risk and compliance across an organization is an area where digital transformation can provide a wealth of benefits. Leading organizations leverage the immense value in data derived from ethics and compliance programs to create efficiencies and gain a better understanding of the company culture. By embracing digital transformation of ethics and compliance programs, organizations are better able to evaluate the cultural health of the company, remove information silos, increase collaboration and eliminate redundancies in technology.
Simplify the complexity of data management
The amount of data any given organization produces can be overwhelming. When thinking of just the ethics and compliance data, this includes information such as hotline reports and related investigation outcomes, training and policy completion and attestation, conflict of interest disclosures, third-party supplier compliance (including sanctions compliance) – and that is just the tip of the iceberg. For many organizations, this data is being managed – but often this is done through siloed systems and multiple software solutions.
When these data points are woven together, we begin to see the story this tells about the culture and compliance health of the company. Further, we’re seeing a growing appetite for using these data points to benchmark against peers and present to executive leadership.
Simply put, the vast array of data is far too complex for manual analysis and management. To do so via spreadsheets and emails will inevitably lead to something critical being overlooked. As an organization grows in employee count or expands to other geographies, this problem gets exponentially more complex. The challenge this presents is twofold – the diminishing ability of inadequate tools to achieve even the bare minimum of data management for the expanding organization, and the growing difficulty of analyzing that data for any meaningful insight.
Given the breadth of this information, simplifying the complexity of governance, risk and compliance (GRC) data requires a consolidated information system, or GRCIS. More and more, we’re seeing organizations that seek to gain a holistic understanding of GRC information migrating towards a consolidated platform to take advantage of the insights provided from ethics, compliance and risk data. Additionally, with increased requirements being imposed by the U.S. Department of Justice and other global regulatory bodies, having access to program data, and using that data to actively manage compliance risks, is vital to prove program effectiveness.
Arguably, the most important aspect of consolidating data from risk and compliance programs into a usable format is the ability to tell a story to leadership, employees and other stakeholders. When this data is scattered across multiple owners and resides in different systems, telling that story is made difficult. Most boards of directors receive periodic reports about compliance matters – in fact, 70% of respondents to NAVEX’s 2022 Definitive Risk & Compliance Benchmark Report survey indicated this is the case – so being able to consolidate this data is imperative to telling the story.
Reduce cost and remove silos
Most organizations today have to deal with silos in at least some parts of the business – and the larger the organization, the more likely this is to happen. Further, for large enterprises, there is more likely going to be a robust tech stack collecting data from across the organization. While technology solutions are vital to business operations, too many solutions can inadvertently silo data and increase costs to the business. Throughout the journey of digital transformation, many organizations have continued to add solutions to their technology portfolio in hopes of gaining better insight and increasing efficiency. In some cases, it is years before leadership realizes all this has done is increase cost, create silos of information, and decentralize critical information.
While this conundrum applies to many departments in a given company, let’s focus on GRC specifically. We’re seeing a growing appetite for the consolidation of information related to ethics and compliance programs and risks, including hotline reporting, training, policy and procedure management, COI disclosure, third-party compliance, and more. Removing these silos is an important goal, and a much needed one for many organizations where compliance responsibilities are split across multiple departments – which accounts for 21% of the respondents to the 2022 NAVEX survey benchmark. A thoughtful and mature GRCIS can manage the wealth of data mined from these areas, thus reducing cost and removing the silos.
This is particularly helpful because the data within each area can be consolidated to paint a picture of the cultural health of the organization. While small- and medium-sized businesses tend to have fewer silos and fewer resources, large enterprises tend to have more silos and resources. In either case, businesses of all sizes greatly benefit from a consolidation of GRC program data through the cost savings and the elimination of siloed information.
Decrease redundancy and increase efficiency
Since budgets are typically allocated on a by-department basis, we’d be hard-pressed to find an organization today that didn’t have some redundancies in their technology portfolio. In years past, compliance programs were widely operating in shared drives with spreadsheets and email communications as the predominant method of management. Now, we’re seeing an appetite for analytics and efficiency built into software solutions – something that is likely to increase as the potential for a recession continues to loom.
According to a global survey of over 1,400 IT professionals conducted by Spiceworks Ziff Davis, even though half of surveyed organizations plan to take precautionary measures to prepare for economic slowdown, 51% are still planning to increase IT budgets in 2023. Also, according to the survey, common preparations for an economic downturn include “re-evaluating vendors or contracts”, and “decommissioning unnecessary infrastructure.”
While technology spending may be on the rise, it’s clear that most organizations will make these choices thoughtfully and not simply add solutions to the tech stack. In this same survey, 26% of respondents indicated “consolidating redundant tech” as one of the measures their organization is taking to prepare for a potentially turbulent economy in 2023 and beyond. While this percentage may appear smaller than expected, when combined with “re-evaluating vendors or contracts” (30%), “strategic refocusing” (28%), and “adapting products or services” (26%), it is clear organizations are focused on decreasing redundancy and increasing efficiency.
There are several areas of overlap within GRC programs and other departments where redundancy can be reduced. For example, while compliance training is traditionally handled by the chief compliance officer or equivalent, employee onboarding is usually the purview of human resources. So, in this example, if completion and attestation for HR and Compliance trainings are being tracked in disparate systems, there is an increased likelihood of incomplete or missing information. Another common example is policy management, which, for many, is managed with emails and shared drives. The version control predicament this can create is not only inefficient; in some cases it can be dangerous (e.g., in a healthcare scenario where following proper procedure can be a life-or-death situation).
However, when information is centralized and access and version control are consistently managed, organizations are able to ensure a consistent experience – all while eliminating redundant information and creating a more efficient workflow.
Increased regulatory enforcement for compliance infractions and growing public attention to how businesses operate will cause organizations to prioritize their efforts in ethics and compliance. This is especially salient to compliance officers who are being asked to prove their program works in practice. The required level of transparency will require data from across the company in order to tell the story to regulators, stakeholders, employees and the public. As organizations prepare for an economic downturn, the emphasis on efficiency will play a large role in how technology is evaluated.
Public attention is also likely to stay focused on how organizations operate – including misconduct, supply chain and third-party integrity, data security, and more. Together, these forces mean organizations will prioritize using digital solutions to monitor the metrics that matter and use the resulting data to demonstrate their accountability and compliance. In this turbulent, 24/7 news cycle environment, companies that do the right things the right way will yield better results in the long term – and those that fail to prioritize ethics and compliance as a cultural pillar will eventually face regulatory enforcement and reputational damage. To that end, consolidating data from GRC programs and using it effectively will be key to enhancing cultural health within organizations and maintaining regulatory compliance as those requirements evolve.