Over the past number of years, the term “cloud computing” has become more commonplace within daily corporate vocabulary. With many firms looking to harness more scalable and globally standardised methods of providing information technology and robust processes across their company. Enterprise Governance, Risk and Compliance (eGRC) is a business field with significant momentum in this area, with resilient technology adoption and reputation protection at the very forefront of companies’ list of high priorities.
However, despite recent advancements in technology, a significant number of multinational firms still operate with a dated myriad of risk management software tools and inconsistent processes via country and departmental silos. Reporting on risks, compliance and incidents can often be backdated by weeks – primarily due to the manual-heavy processes associated with pulling together key information (Excel spreadsheets, business intelligence systems, dashboards, legacy systems etc.).
Firms now have to recognise that they need to establish a flexible and secure foundation for delivering the services and experiences that will set them apart and build strategic competitive advantage.
According to the Institute of Risk Management (IRM), “the benefits of introducing a robust ERM – Enterprise Risk Management – initiative can reduce the likelihood and consequences of risks materialising, as well as deliver benefits related to better informed strategic decisions, successful delivery of change and increased operational efficiency”.
With firms often working towards various industry standards – such as ISO 31000 and the COSO Risk Framework – risk management has never held as high a position within FTSE500 and Fortune 500 companies as it currently does.
There is arguably a huge market opportunity for companies to build a secure and a competitive advantage via a ‘single source of the truth’. This is enhanced by instant company-wide reporting ability that truly embraces technology of the cloud. The ability to acquire real time data across a number of globally diverse locations is essential to risk mitigation.
Traditional eGRC policies and procedures have been pigeon-holed and do not recognise the corporate value in collating vital data across the business. Risk management is no longer just about giving visibility and control to what happens within the four walls of a business – it’s of global significance, with reputation and compliance firmly hinged on the intricate balance between risk and reward. BP’s well-documented Macondo incident emphasised many of the key terms within this model.
Understanding the true value in Enterprise Risk Management
A universal view of risk and compliance allows executive level management to analyse themes and build business improvement, profitability and value for shareholders. Business intelligence and a real-time overview of data allows for risks to be recognised as soon as possible and acted upon before developing into a compelling event, thus protecting corporate reputation and reaffirming compliance. Themes and areas of common incident occurrence can also be fed back to act as a prevention to escalation, rather than a retrospective cure to a catastrophe (in BP’s case this fine amounted to $18.7b).
A frequent reaction at times for cloud-technology is the question: "Is cloud software safe?" As far as cloud-based computing is concerned, one of the main fears associated with this platform is that it is easily breached and there are some doubts over its security. A number of recent hacking and cyber-attack incidents reported in the media have not helped with this perception.
Providers such as Amazon Web Services are validated and compliant with ITAR (International Traffic in Arms) regulations, a standard insisted on by many areas within the military and armed forces. Due diligence when selecting preferred suppliers and platforms is a business critical process for any firm contemplating a cloud environment.
The benefits of cloud-based ERM software are also boosted by the strategic evolution of this method of software deployment. Products in this area are characterised as being more future-proof and have the flexibility to update and upgrade globally with the touch of a button. Accountability and traceability are also major benefits of this system, whereby information can be captured to help identify the individuals involved, where the incident happened, and when it occurred. Modern technology (such as iPads, Tablets and Mobile Phones) also assist this dynamic process with global positioning tagging, imagery, annotation of diagrams and mobile distribution of software also helping the instantaneous style of data capture and carriage - used by the likes of Air Transat.
Software as a service – what is it and what are the benefits?
One of the world's leading information technology research and advisory companies, Gartner, defines software as a service (SaaS) as software that is owned, delivered and managed remotely by one or more providers. The provider delivers software based on one set of common code (sometimes termed as a tenant or instance) and data definitions that is consumed in a one-to-many model by all contracted customers at any time on a pay-for-use basis or as a subscription based on use metrics.
There are a number of key benefits why a cloud-based SaaS distribution model is preferable for multi-national firms:
- No initial high capital expense and lower monthly operating costs
- Ease of use and reporting
- Less need for bespoke work to modify product (off-the-shelf)
- No annual maintenance fee and less need for ongoing maintenance
- Accessible regardless of geographical location
- Scalability to roll out to additional business units without the time and effort associated with on-site consultancy
- Future proof and adaptable to fit multiple language requirements
Most companies that adopt cloud computing do this to save costs and deliver new capabilities in a cost-effective way. A major barrier to this successful adoption of cloud is software as a service, or SaaS is the fear of the unknown and a relatively risk averse culture. SaaS can be a game-changing alternative to the traditional ways of buying and using enterprise software.
One of the reasons that Ideagen Coruson is the best operational GRC product on the planet is its embodiment of the SMAC paradigm for enterprise productivity.
SMAC stands for Social, Mobile, Analytics and Cloud. The essential angle for business is that the convergence of these forces can be harnessed to create competitive advantage. In fact, is being harnessed by the smartest, best managed organisations. It's also worth noting that when done correctly, cloud offers better security than a hosted solution - for example, the security on offer from Amazon Web Services cannot be compared to that of an on-premise server room or even the average data warehouse.
Many firms still have reservations about Enterprise Risk Management via SaaS, especially around the aspects of security and reliability. This business model is becoming more common, which is causing these fears to fade and confidence in the platform is continuing to grow.
After all, why have silos dotted all around the world when you can have a single source of truth via the click of a button?