Automating governance, risk and compliance: with businesses facing Ever-Growing compliance demands, technology that eliminates manual processes can reap significant cost savings in the implementation of Sarbanes-Oxley and other regulatory mandates.

• Author: Anderson, Sheila
• Position: Governance

Governance, risk and compliance, or GRC, is the latest business buzzword. With today's advanced software systems, an organization can manage its GRC functions with greater efficiency to make more informed business decisions. For companies operating under regulatory requirements, such as the Sarbanes-Oxley Act, automated GRC is not an option, but a necessity. An AMR Research study notes that technology can reduce the cost of Sarbanes-Oxley compliance by more than 25 percent by eliminating manual processes that require time-consuming tasks.

While the term GRC can mean many different things to various organizations, common elements are found from one industry to the next. Essentially, GRC encompasses adhering to all the laws and regulations that govern a business, enforcing processes and policies and assessing and minimizing risk exposure. Other components of GRC can include corporate security, corporate ethics, quality management and performance management.

However, the ultimate goal of GRC is to protect the interests of an organization's stakeholders, from employees to customers. In order to assure effective GRC management and satisfy stakeholders, many financial organizations are turning to technology to automate their GRC initiatives.

Prior to automated GRC technology, companies risked operating with silos of information, such as Excel spreadsheets, separate general ledgers and subsystems. These systems were not integrated or designed to work together and often processed the same data, yet maintained overlapping data stores. As a result, data integrity was compromised and accurate financial reporting was jeopardized. Similarly, account reconciliations were performed manually via a spreadsheet, risking error and limiting an organization's ability to access the most accurate financial data.

Fortunately, times have changed. Today, organizations are turning to automation for many reasons, with accountability and government mandates driving the decision to make the switch. Due to the broad scope and complexity of GRC--and the push for corporate responsibility--financial executives need as much assistance as possible to meet the requirements stemming from mandates such as Sarbanes-Oxley, the Health Insurance Portability and Accountability Act (HIPAA) and Basel II.

For example, one aspect of Sarbanes-Oxley compliance centers on the type of business records and communications that need to be maintained. Automation supports this requirement by preserving detailed audit trails with date and time stamps of all correspondence and actions...