Part II: AI in GRC: GRC 5.0: Achieving Cognitive GRC with AI

Introducing our Authors
Again, we are delighted to bring you Part II of this blog series on GRC and AI. We have 4 highly experienced authors on this blog to discuss the re-imagining of GRC (Governance, Risk and Compliance) with Cognitive Artificial Intelligence (AI) technologies.
Jessica McDermott, Principal Director, Accenture, is a leader in the risk and compliance function. She has over 20 years of experience in Financial Services and demonstrated success in driving transformational change. She has extensive experience in resolving regulatory actions, reshaping risk and control environments, delivering enterprise-wide policy and technology change, and increasing operational efficiency. Her areas of expertise include enhancing controls of financial products and activities through business, risk, and regulatory program management.
Jonathan Frieder, Principal Director – Strategy & Consulting, Accenture has a broad background in Financial Services with expertise spanning Regulatory Affairs and Compliance, Conduct Risk, Operational Risk, Fraud and Financial Crime and IT Security. He is a hands-on leader with 25 years of experience leading and successfully delivering complex regulatory-driven business and technology initiatives for top-tier firms and currently assists clients with identifying and effectively integrating technology solutions to solve challenges, improve operational efficiency and reduce cost. Jonathan is a RegTech liaison to Accenture’s FinTech Strategy Group and FinTech Innovation Lab, an accelerator program for early stage FinTech and RegTech companies.
Apoorva Jain, Senior Manager, Accenture
Apoorva is a Strategy & Consulting Manager within the Digital Risk & Compliance Practice of Accenture’s Capability Network, India. She has over 8 years of experience working with leading financial institutions across geographies including North America, Europe, Middle East, and SEA. Her expertise lies in Operational Resilience, Governance, Risk & Compliance, Regulatory Reporting, Fraud Risk and Credit Risk. She is passionate about driving innovation at clients and helps them accelerate their transformation journeys through process improvements, platform implementations and advanced technology solutions.
Venky Verrapotu, CEO and Co-Founder at 4CRisk has over 20 years of experience in building high performance GRC technology platforms and more importantly onboarding hundreds of customers onto the platforms.
Summary of Blog Part I: AI in GRC Series
In Part I of this Blog Series on AI in GRC, we posited that Intelligent Automation (IA) and, specifically, Cognitive Artificial Intelligence (AI) will be essential in Governance, Risk Management and Compliance (GRC) programs to achieve long-term success and sustainability. This viewpoint comes from assessing pain points that still exist within GRC programs today, which highlight the ongoing difficulty that many organizations have in managing the scale and complexity of requirements/obligations while keeping pace with changing and interconnected regulatory, business, and external risk environments.
As emphasized earlier, establishing a robust and effective risk management and governance framework is crucial to ensuring compliance with internal or regulatory requirements. The key, however, is to understand how GRC has matured over the years to adapt to the transforming facets of business as technology continues to evolve drastically to enhance the way that businesses function. From being fragmented and obscure to being integrated and defined, GRC has seen a transition from the use of paper, emails, and spreadsheets to advanced technology platforms that are effective and agile in nature. Given the current scenario of growing organizational complexity, with increasing business units, distribution channels, geographies, human resources, etc., there is no doubt that organizations will need to adopt technology quickly. This is required not only to survive but to respond quickly and efficiently to business disruptions.
How Has Business been Revolutionized?
Over the last few decades, businesses have been revolutionized, and the ability to manage and control organizations while delivering strategic objectives has become paramount. Technology has acted as an enabler and aided organizations to conduct GRC related activities in a more holistic manner. While traditional methods and older GRC tools can support workflows or act as data repositories, modern cognitive solutions augment the human effort by seamlessly linking, predicting, and providing actionable insights. Now with the advancements in cognitive technologies over the last several years, modern tools and techniques can be leveraged to drive efficiency, effectiveness, and agility into GRC initiatives.
History of GRC Evolution from 2002 to Present Day
Understanding the history and evolution of GRC technology can help organizations recognize the immense value that the current state GRC solutions offer as well as its maturity along this journey. The phrase GRC was coined almost 20 years ago by GRC Analyst and Pundit at GRC 20/20, Michael Rasmussen. Since then, GRC has focused on the most critical external / internal obligations and risks related to an organization’s operations. The GRC model has transformed over the years with each phase building on the previous one. GRC “1.0” began in the year 2002 and was primarily focused on Sarbanes Oxley (SOX) compliance. Fast forward to the current landscape and many organizations are aligned with GRC “4.0”, which anchors on Agile technology, and we are paving our way towards GRC “5.0”, which is centered on Cognitive technology. Let’s look more closely into the evolution of GRC to understand how we arrived at this moment:
- GRC 1.0, Sarbanes Oxley (2002-2007) – When technology was first shaped for GRC, it was defined for an integrated view of objectives, risks, controls, and policies. The focus was limited to Sarbanes Oxley Compliance and internal controls for financial reporting due to the critical nature of the new compliance mandate and the ability to implement the base foundation more quickly, since SOX had a more structured framework already in place.
- GRC 2.0, Enterprise GRC (2007 to 2012) – As GRC technology advanced, an enterprise view of risks, controls and policies was developed, and the objective was to leverage enterprise-wide information for forming strategic policies and have multiple lines of business (LOBs) use an integrated GRC technology.
- GRC 3.0, GRC Architecture (2012 to 2017) – This phase of GRC evolution saw an expansion of technology in GRC initiatives by connecting GRC systems with other business systems and building an integrated GRC architecture which was used not only in 2nd and 3rd lines of defense (LODs) but also in 1st LOD for active risk and compliance decisions aligned to everyday business goals.
- GRC 4.0, Agile GRC (2017 to 2021) – With the need to design configurable GRC technology solutions that could be customized to the requirements of an organization, be updated frequently for advanced features, and provide an engaging end-user interface, Agile GRC was born. It is currently the most widely used GRC version by multiple organizations.
- GRC 5.0, Cognitive GRC (2021 thru current day) – The focus of this version is not only to facilitate compliance but to generate actionable insights in the quickest timeframe possible to set up a business for success, and ahead of its competition. GRC 5.0 is anchored in the use of artificial intelligence / cognitive technologies including natural language processing, predictive analytics, etc.
Technology, along with maturing processes, has been pivotal in handling compliance and corporate mandates throughout the evolution of GRC. The more advancements made in cognitive technology, the more compelling it has become to take advantage of the sophistication and benefits within enterprise-wide GRC initiatives. Weaving artificial intelligence, natural language processing, neural networks, machine learning, predictive analytics, and other advanced technologies into existing programs elevates human capacity and domain knowledge, providing the ability to more quickly detect potential issues, devise solutions, and mitigate risks.
Why is AI Cognitive Technology Important for GRC?
Over the last 3 to 4 years, cognitive technology has evolved, and it continues to improve at a significant pace. This advancement has helped businesses reduce the complexity of critical processes and the time to consume, and disseminate, often time-sensitive data. The evolution and melding of these technologies with GRC create competitive advantage and significant financial and operational opportunities for corporations. Now cognitive technology is improving the ability for businesses to handle change that is characterized by its velocity, variety, volume, and ambiguity.
Today’s cognitive solutions can leverage artificial intelligence and other advanced technology that can help businesses gain end-to-end visibility, improve GRC processes, and accelerate and augment decision making by the business users.
A holistic view of external and internal obligations on an organization’s internal control framework can now be automatically identified and analyzed. In no time, necessary actions can be taken on applicable GRC requirements, and the authoritative teams can take necessary actions to update their control framework.
Incorporating the power of cognitive solutions into GRC processes builds confidence in completeness and accuracy, assures an organization that its policies and frameworks are up to date, and boosts business operations. Embracing technology can address labor-intensive tasks, helping employees focus on value-add activities that bring more insight and intelligence when navigating the organization and managing risk and compliance. With business decisions driven by analytics and data, there is so much more that firms can get done in a much more efficient manner. It is not Nirvana, but it is possible, and if adopted, these breakthrough innovations could be a game changer and allow organizations to make quicker and better decisions.
The Value Proposition
The clear value proposition of incorporating cognitive technologies into companies’ GRC processes aligns with:
- EFFICIENCY: time saved; money saved
- EFFECTIVENESS: accuracy, completeness, and thoroughness
- AGILITY: quickly identify relationships from different perspectives and react to changes in your regulatory, business, and external risk environments
Being more efficient, effective, and agile equates to more robust common control frameworks, more transparent and focused external obligation criteria, and stronger linkages between internal and external landscapes. Ultimately, this model is a differentiator creating a more resilient company that more easily manages the complexity, volatility, and velocity of the current dynamically changing business environment.
[1] Source: From GRC 1.0 to GRC 5.0: A History of Technology for GRC | GRC 20/20 Research, LLC (grc2020.com)
About 4CRisk.ai Products: 4CRisk products include Regulatory Research, Compliance Maps, Regulatory Change Management, and Ask ARIA Co-Pilot. By offering secure, private, and domain-specific AI Agents, 4CRisk can significantly enhance Regulatory, Risk and Compliance programs, providing results in minutes rather than days; up to 50 times faster than manual methods.
- What is AI-powered Regulatory Research? This product allows professionals to seamlessly search regulatory content from global authoritative sources to identify regulations, rules, laws, standards, guidance and news that can impact your organization; builds curated rule books; generates business obligations by merging similar or related requirements from different sources.
- What is AI-powered Regulatory Change Management? This product allows organizations to proactively keep pace with upcoming changes across all applicable rules, regulations, and laws while mitigating risks by aligning policies, procedures, and controls with required changes; conducts applicability and impact assessments, prioritizes mitigation efforts with comprehensive reports for regulatory reporting, internal audits, and oversight.
- What is AI-powered Compliance Map? This product allows professionals to assess the design efficacy of their compliance program by comparing their external obligations to their internal policy, procedure and control environment; identifies gaps and potential risks; and generates alerts and recommendations to close gaps, remove duplicate or overlapping controls, and rationalize the control framework.
- What is Ask ARIA Copilot? This is your Always-On Advisor – Ask ARIA Co-Pilot provides immediate, relevant answers to first- and second-line complex queries. ARIA analyzes an organization’s documents to answer day-to-day business questions – saving up to 90% of time and effort.