Transcript

Hello, this is Kevin Donahue with Protiviti, welcoming you to a new edition of Powerful Insights. We’re producing a series of podcasts on GRC programs and technologies, obtaining perspectives from Protiviti leaders and subject-matter experts around the world on GRC drivers, innovations and challenges in their markets.
This episode features my conversation with Protiviti Managing Director Scott Bolderson and Associate Director Nicolas Perna. Scott is a leader within our business performance improvement group, while Nicolas works within our Technology Consulting practice. Both are based in London. They offer their viewpoints on GRC developments and advancements in their market. Scott, thanks for joining me today.



Nice to be on the call with you, Kevin.


That’s a good question. What we see across our clients is that business and technology changes are accelerating, so companies are really keen to put in place technologies like GRC just to make sure that they are on top of new regulations. What I would like to add as well is that risk landscape is evolving pretty quickly with GRC transformation. As another example, a company’s reputation can be manipulated by social media, for example. So, those are key drivers that push companies to think about GRC as part of their IT infrastructure, I would say.

Yes, I’d just add on that, Kevin. I think what was said is there’s more non-industry-aligned regulations such as GDPR; we’re seeing real demand outside of those traditionally related industries like the financial services. So, non-financial services companies are starting to understand what effective risk management is about to start value effective risk management, not only for regulatory requirements but also from an enhanced operations perspective and ensuring the management of risk properly. So, we’re certainly seeing as significant uptick in demand outside of financial services in the last couple of years.

Yes, that’s interesting and I guess expected as well. Nico, I just want to ask you about innovations. Nico, what sort of innovations in GRC are you seeing in the marketing with your clients right now?


I’d also just add to that, Kevin, in terms of the concept of creating a GRC ecosystem, an ecosystem of technology providers that complement the core GRC platform. So, we’re seeing innovation around workflow and workload management around the GRC platform. We’re also seeing innovation around automation of risk management activities, again, around the GRC platform. So, looking at third-party providers to really add in to that GRC ecosystem to both automate or effectively manage workflow.


We do implement a lot the Protiviti GRC solution, which is called the Governance Portal, which is an integrated GRC solution, and a lot of our clients use the tool for risk management for internal control, but we also see new topics like vendor risk management, for example, or GDPR compliance. Around the Governance Portal, we do see a lot of interesting Microsoft tools. So, as we said before, we see a lot of interest with BI reporting tools, and our BI, for example, is definitely one Microsoft tool that we do implement a lot for our clients within the U.K., but also within Europe.


I think both of you have touched on this concept of integrated GRC. What are some of the challenges organizations are facing right now as they pursue integrated GRC?


I think what we’re seeing in that new marketplace for integrated GRC and that sort of nonregulated environment, where we’re starting to see the value in this, is really all the challenges around building an integrated platform and its use in the business, and its culture in the organization, and GRC being taken seriously and not treated as a compliance activity but as a value driver for the business. That will continue to be a challenge across our markets.


Yes. I think that this is really the beginning of the journey, and I think that clients, generally speaking, are becoming more aware that GRC is part of the IT ecosystem and that they need to integrate with digital technologies like RPA, data mining and machine learning. One good example is control testing, for example, just to drive more of personal preference, I would say. I think that’s another thing to mention here, that governance frameworks with the digital transformation, I think that companies realize that they do need to have the right governance framework in place to be able to manage the risks linked to those new technologies, so that’s definitely a key topic for us as a consulting firm for the coming years.

I guess I’d probably reiterate some of the points I made earlier, which is, we see and demand from our clients in terms of understanding how they can leverage some of the digital transformation practices into their GRC programs through the innovative use of different technologies, different approaches to change management such as agile. I would also say, though, that for any GRC program, unfortunately, there is a perception that a GRC program is an inhibited digital transformation, and it shouldn’t be. It should embrace and be an enabler to more effective digital transformation. That’s all I’d add to that stage.

Scott, Nico, again, thank you for your insights today. It’s been a pleasure speaking with you. Thank you for listening today. You can find more information and podcasts offering perspectives on GRC from around the world at protiviti.com/grc.