GOVERNANCE, RISK AND COMPLIANCE IN 2033

A holistic approach to managing governance, risk and compliance (GRC) aligns with W. Edwards Deming’s understanding that a company is not only an interconnected system, but on the macro level is also integrated into its local and global environment. A company must be able to identify its risks and opportunities in order to adapt its structure and processes. By doing so, the company best equips itself to deal with its current business landscape and also future-proofs itself. Based on ongoing risk assessments, a company’s processes must be as bold as required and as streamlined as possible. Inefficient processes are likely to be perceived as a bureaucratic burden, tempting employees to seek loopholes, which can expose the company to legal and financial risks. As Mr Deming noted: “A bad system will beat a good person every time.”

So, what will the GRC function look like in 10 years’ time? Artificial intelligence (AI) will further automate routine tasks, including data collection and analysis, especially for standard processes and controls. This does not mean that the GRC officer will no longer be involved in the operative part of those controls, but instead of monitoring the data itself, the focus will shift to monitoring the algorithms to ensure they remain focused on identified risk factors.

Use of and familiarity with AI, including chatbots, will continue to grow over the coming decade. Already, such tools are an accepted and even preferred way to answer general questions and even discuss issues. Depending on local culture, employees may even prefer to discuss sensitive topics, such as harassment, with an AI avatar rather than with a human.

Jul-Sep 2023 Issue

Patrick Henz