Image: astel design/Shutterstock

A recent report from GRC SaaS provider Galvanize uncovered a strong push in the post-pandemic era toward the adoption of cloud-based technology. It also demonstrated the critical value that governance, risk and compliance professionals bring to the C-suite, as well as the top concerns from and the evolving role of GRC professionals: IT compliance, security and privacy (47%), cybersecurity (43%) and fraud and corruption (29%).

SEE: Research: Video conferencing tools and cloud-based solutions dominate digital workspaces; VPN and VDI less popular with SMBs (TechRepublic Premium)

Key findings

  • 79% of survey respondents found it challenging to get the data they needed to do their jobs.
  • 68% of survey respondents rated integrated GRC software as totally or mostly efficient, compared with only 49% of those using Microsoft 365 for GRC purposes.
  • 63% of GRC professionals who use integrated technology have complete visibility into the risks faced by their organizations and how those risks tie back to their work; twice as many as those who use Microsoft 365.
  • 62% have seen growth in the scope of their roles.
  • 62% find that gaps in time, technology or human resources prevent their organizations from executing their plans.
  • 58% have seen their workloads increase.
  • 54% said they have complete visibility into the risks faced by their organization.
  • 53% of respondents said their organizations now perceive them as being more valuable.
  • 45% are still using Microsoft 365 tools to manage critical programs and documents.
  • 38% said their roles have become more risk-focused since the pandemic.
  • 32% of GRC professionals have fewer resources than they did before the pandemic.

This ties into an upcoming shift in GRC operations; while only 30% of GRC professionals use cloud-based technology, 41% of survey respondents say they are planning to adopt it. Organizations that had already opted for cloud-based solutions had a better time shifting to fully remote work, demonstrating the current workplace reality.

As Galvanize pointed out, “status quo tactics and tools can result in lost data, increased errors and difficulty keeping track of processes and progress.”

Therefore, GRC professionals need to focus on cloud-based technology options to stay abreast of the upcoming changes; options which can address the above concerns and needs. A unified view to consolidate data and focus on the information needed to make informed decisions is crucial.

SEE: The future of work: Tools and strategies for the digital workplace (free PDF) (TechRepublic)

In addition, GRC staff should focus on machine learning, artificial intelligence and robotic process automation to monitor risks and recommend new controls in near-real time, in addition to exploring products and solutions with built-in cognitive capabilities and predefined configuration flexibility. Automated workflows are a key element to helping GRC professionals do their jobs by streamlining operations and eliminating manual tasks.

The goal here is to achieve greater visibility from cloud-based products in order to support business continuity.

Additionally, security needs to be inextricably linked to cloud-based GRC operations, in themselves and in determining security conditions for the organization. Compliance and threat mitigation are top priorities, and better visibility and control mechanisms with real-time risk monitoring can help bring these to success. Galvanize suggests: “When evaluating options, look for vendors who have domain experience, who understand your industry’s security and compliance requirements and concerns, and who have high levels of security certifications such as Impact Level 5.”

“Much like we saw in the Roaring ’20s of 100 years ago, the biggest post-pandemic concern is a return to the new normal,” said Dan Zitting, CEO of Galvanize. “The fastest route is through technology—especially for the GRC industry. The data shows indisputable benefits: more visibility into risk, decreased workload, and more efficiencies. It’s promising to see the strides GRC practitioners are taking to implement cloud-based technology so they can maintain their position as strategic advisors to their organizations.”