It’s Time To Think About The Power Of The New Generation: GRC Millennials

Daniel Morfin

Members of the millennial generation were born in the years between the early 1980s and the mid-1990s. They are the only generation that has spanned two completely different eras: pre-Internet and the digital age. We could even define this generation as the individuals who were born alongside the Internet revolution.

This “egocentric,” “self-interested,” “ambitious,” “phone-obsessed,” “unfocused,” and “difficult to manage” generation (now around 24–39 years old) is the largest workforce within companies today. Not only this, but these “independent,” “dreamers,” “flexible,” “multi-tasking,” “fast adopters,” “oriented to teams and people,” “entrepreneurs” will represent 75% of the global workforce in companies in 2025 (then around 31–45 years old), according to studies.

This generation of employees, customers, families, and shareholders will continue to change the way we do business. They will seek ways to change the world, offering a technology-driven approach contributing to making a financial impact, and more importantly, a social impact.

So, what role do millennials play today in organizations in the areas of governance, risk, compliance (GRC), and internal audit?

Are millennials killing risk, compliance, and audit?

I am part of an internal auditors’ group, and in conversations with the directors, I have identified a pattern: They are continually looking for new internal auditors to work in the area. They are struggling to encourage the new generation to come to work and stay engaged in these areas. They have also confirmed that finding new talent with a certain profile to join the team is getting more difficult. When asked what is happening, most blame the millennials for killing risk, compliance, and internal audit.

I wonder if the millennial generation is really responsible for this, or whether risk, compliance, and internal audit topics are just not of interest to them?

Let’s break this down.

Is GRC killing millennials’ expectations?

First, GRC and audit are known for their lack of technological support. The challenge in these areas is to operate “manually” at the speed of the digital world. These departments invest significant amounts of manual time investigating, collecting, analyzing, monitoring, and reporting their activities, trying to provide a vision of the company (praiseworthy). As most people know, however, the fuel for this Internet-plugged generation is the technology that gives them more flexibility to facilitate and improve their life and work.

Having said that, let me ask: Are millennials “killing” these areas, or are these areas “killing” millennials’ expectations? Can we find ways to help this idealistic and fantastic generation to think creatively and keep them in the field?

One answer: Reinvent with technology.

Risk issues are definitely front-of-mind for millennials

Second, I cannot imagine that risk, compliance, and internal audit topics are not of interest for this generation. Today’s risk perspective is more complex and interconnected; companies must be ready to mitigate risk and change as quickly as possible. Boards are demanding more visibility and transparency to identify, analyze, and respond more proactively to potential risks and opportunities.

This and the next generation are exposed to many more risks than before. Consider just a few examples: fraud and transaction detection, third-party risk management, data security, identity and access management, cloud security, control and power over data, data protection, and so on.

Besides that, millennials do not want to be seen as just a number. They want to feel like they are contributing to something important, and risk management is and will continue to be an important matter.

And let’s keep in mind that millennials are motivated by the “social aspect” and loyalty that can be gained through competent risk management.

SAP, GRC, and the next generation

What is SAP doing for the next generation in the areas of risk, compliance, and internal audit?

This is where the path to an intelligent enterprise begins. Start by identifying the voluminous and repetitive tasks or processes in the company or business areas. Then begin to automate processes with ease and intelligence so the team can focus on higher-value tasks. This will help retain top millennial-generation talents. They will be better able to provide the information executives need to predict potential risks with greater precision and speed.

Bottom line

Organizations are facing the need to adapt to the different generations. Some generations depend on their experience and knowledge, others on information and flexibility. With respect to risk and compliance, there is inevitably a need to invest in technology to help retain the newer generations and support their success. It is time to get down to work and build the road for the millennials.

If you are a millennial, I encourage you to stay tuned to the GRC evolution, because I’m sure we’ll be entertained for a while.

P.S. If you are worried about the millennials, Generation Z will arrive soon!

For more on this topic, please read The Role of Internal Audit in Digital Trust.

Follow SAP Finance online: @SAPFinance (Twitter) | LinkedIn | FacebookYouTube

This article originally appeared on the SAP Analytics blog and is republished by permission.


Daniel Morfin

About Daniel Morfin

Daniel Morfin is an evangelist in digital transformation for GRC and cybersecurity with SAP Global Finance and Risk Business Development, focusing on Latin America. With his extensive experience in GRC and cybersecurity in technology companies, he believes that risks are everywhere, making it important to understand them for better decision-making.