Moving To The Cloud For Compliance: No Magic Without Integration And Automation (Part 2)

Jerome Pugnet

We’re witnessing a strong trend towards cloud-based technology offerings in governance, risk and compliance (GRC) right now, particularly in the area of compliance and internal control systems. In last week’s blog,  I talked about how the resulting hype makes it sounds as if—by a sort of magic—moving to the cloud would solve the pains of managing compliance and controls that too many companies today still  experience. However, outdated ways of managing compliance and controls with traditional niche GRC solutions have simply been transposed to many of the new cloud-based offerings. So how can companies ensure they are achieving the promised benefits with their chosen solution?

So it’s time to move to the cloud

Provided certain conditions are met (see last week’s blog), choosing a cloud-based architecture can actually boost the advantages that a truly integrated, automated GRC system already delivers.

Naturally, it will depend on the overall cloud strategy that each company has defined, but for those who are looking to move to a another level for their compliance and internal control systems, away from manual processes (“spreadsheet hell”) or fragmented systems involving various niche solutions, opting for a world-class GRC solution in the cloud can be a great opportunity to reap the whole range of benefits.

After all, while you are about to make that move, why not go for the architecture that is seen to be the way forward for the longer term?

What are the benefits of a cloud-based solution for your compliance and controls?

There are, of course, the more generic benefits that the cloud architecture can bring for GRC just like for other areas of the business. These include a more accessible price for a world-class solution, maintenance cost savings, and better collaboration, the latter being very relevant for GRC where companies need a robust “three lines of defense” approach to bring together operations, risk, and compliance specialists and auditors.

There are other important advantages to consider:

  • Implementing their new integrated, automated GRC in the cloud can also make it easier for companies to deploy their compliance and internal control processes at their own pace, and progressively take advantage of shared best practices and content to automate their controls; for example, adding new workflows, implementing standardized forms to streamline assessments, responding to regulatory changes more easily, and so on.
  • They can benefit from product enhancements faster, bringing in more automation for greater efficiency. This also allows them to move to a much more real-time compliance and control management, preventing problems and anticipating better. The technology supports this further by enabling them to manage their GRC on any device—fixed, portable, or mobile.
  • Last but not least, as a number of tasks are being taken care of for them through the cloud solution, companies can better focus their critical resources on the core GRC business and decisions, making sure that important issues are solved quickly and effectively, and areas of higher risk are more closely monitored and properly mitigated.

What about security?

Security is a universal and key concern as companies look to move into the cloud, and this is sometimes a factor that slows down the process.

Security is particularly important in the GRC space, because it involves particularly sensitive data and processes, and breaches could create serious disruptions and expose a company’s reputation.

However, cloud-based solutions have made tremendous progress in providing high levels of security, so it’s absolutely a good time to consider the move.

But as you do so, the importance of security is another reason for to choose carefully the partner with whom you will manage your compliance and controls in the cloud. Make sure you’re going for one who is financially strong, experienced, and delivers the best practices and features, both in terms of security and functionality.

Find out more (whether on-premise or in the cloud)


Jerome Pugnet

About Jerome Pugnet

Jérôme Pugnet is a senior director of GRC Product Marketing at SAP SE, based in London, and has over 12 years of experience in risk and compliance management, business process control, IT governance, fraud and audit management domains, in particular in the financial services industry. He has over 16 years of previous experience on financial software and ERP, in implementation engagements and pre-sales advisory roles.