Digital Transformation In Governance, Risk Management, And Compliance

Thomas Frénéhard

These days, there are many Webinars, white papers, and so on relating to digital transformation. And most of them refer to supply chain or finance. But what about governance, risk, and compliance?

In a blog I wrote in 2016 (What Will GRC Look Like in 2021? An Anticipation Scenario), I suggested a few potential scenarios. Some are now mainstream … but I have to admit that some are still a few years from full maturity. Many existing technological advances can be leveraged to “transform” the way we do risk and control today. This doesn’t mean changing it completely, just making the best use of technology to support the process. Let’s take a look.

Big Data and analytics

Big Data and analytics are the most mature technologies that GRC can leverage, in my opinion.

Instead of testing a sample of data for a control on a monthly basis, why not test ALL the data continuously? This helps ensure that nothing falls through the cracks and that no data has been altered since the last test, for instance.

Similarly, being able to leverage the power of Big Data means that companies can run multiple risk scenarios and find the most likely outcome – either to prevent it, if it is a threat, or enhance it, if it is an opportunity. And this power is also supported by analytics that enable rapid creation and visualization of the relevant information, presented in a manner that suits each user and, of course, adapted to their needs.

Mobile – but not only

There was a time where convergence of user interface was key. The goal was to have the same look and feel on your laptop, tablet, or smartphone. But often, this simply meant having a user interface and mobile app that resembled each other in design.

What has changed is that the user experience is now the same with a single entry point, whatever the device. Meaning no more apps to download and update whenever necessary – and often when you most need to check a risk status. No more integration; the single source of truth is what you access.


Artificial intelligence seems to be a buzzword, it’s true, but it includes facets that GRC can leverage. Let’s take machine learning, for instance. Fraud detection can use this technology to ensure that the software solution learns from previous decisions made by the fraud investigators, thereby reducing the number of false positives that are flagged by automatically discarding the irrelevant ones. Predictive technology is another facet of artificial intelligence that can be used to run simulations and determine which approaches are the most effective in deterring anomalous and fraudulent activities.

Head to the cloud

Last but not least – and this list, of course, is not exhaustive – is the cloud. It’s not a new way of “doing GRC” per se, but a new way of “consuming” it. The cloud enables businesses to be much more flexible and nimble in the way they adopt GRC solutions. They can really tailor them to their internal, evolving organization by increasing or reducing the scope, as they see fit, more rapidly than ever before.

Bottom line

As you can read, most scenarios I had imagined for 2021 are not yet fully here. But others are mature, and I recommend investigating them. Governance, risk, and compliance is not just a tick-the-box exercise to ensure compliance. It is much more than that, and can enable competitive advantage over other players in a market by reducing exposure and increasing opportunities encountered.

Similar to the way some organizations use IT to provide an edge in their supply chain practices or customer relationship approach, I firmly believe that tech can be leveraged to deliver what GRC has to be: a business tool.

What about you? Does your company already leverage some of these technologies to transform its GRC approach? I look forward to reading your thoughts and comments either on this blog or on Twitter @TFrenehard.

Follow SAP Finance online: @SAPFinance (Twitter) | LinkedIn | FacebookYouTube

This article originally appeared on SAP Analytics.

Thomas Frénéhard

About Thomas Frénéhard

Thomas is part of the Global Centre of Excellence for Finance and Risk solutions where he has a focus on Governance, Risk, and Compliance topics. Prior to that, he was a Senior Director in the Governance, Risk, and Compliance Solution Management team. His particular responsibility was with Risk Management but other functional areas of focus were in Internal Control & Compliance Management and Audit Management. He is also a regular contributor on social media and presenter at various SAP and non-SAP conferences on GRC matters.