Peering into the future is a mugs game. Get it right and nobody will remember your perceptive insights. Get it wrong and it’s probably too late for anyone to care. Still, somebody must try to clear the undergrowth a bit. Some effort needs to be made to see ahead and provide a route map for the rest of us to follow.
Martin Kelly’s well-written and easy to follow paper on the future of Governance, Risk and Compliance (GRC) spells out what is coming and how to plan for it. It is well worth some of your precious reading time.
Kelly points to eight global trends. None are new. All though, have important ramifications for anyone concerned with risk, compliance, leadership and the impact of technology.
What gives Kelly’s paper strength is his insistence on starting with known trends and extrapolating these into what these mean in simple and easy to understand terms.
Some of his predictions, such as a future of sluggish growth, low interest rates and tepid demand for products and service seem a statement of the obvious. As Kelley explains: “Most days, most things will stay mostly the same.”
Others predictions are more radical. Such as the expectation that what we think of as “the enterprise” will keep expanding.”
The changing definition of the enterprise is proving increasingly challenging. The implications bite through laws such as the UK modern slavery act, or the Foreign Corrupt Practices act. These will force all companies to assume more responsibility for their supply chain.
For a live example of this expansion of “what it means to be a business” we need to look no further than Unilever producing its path-breaking report on the company’s commitment to Human Rights. Just a few years back such a declaration would have seemed outlandish to many business people. Soon it will be the norm, at least for global companies.
Yet another trend is the tendency of companies to move from tangible assets towards intangible assets. These can be hard to get your head around. Patents, trademarks, brand value, good will, and even the skills of employees are all intangibles. Yet these have a growing impact on company culture and its overall performance.
An important trend Kelly highlights is the changes in cyber security. But what exactly is happening?
Kelley points to the need for organisations to do far more than manage ever more sophisticated ways of knowing who is interacting with the company’s technology—authentication. Instead the future will involve more emphasis on identity assurance. This is where businesses monitors users to gauge “normal” behaviour. And investigate abnormal activity—see for example, the growth of artificial intelligence to do this work.
The final trend to which Kelley draws attention stems from the other seven trends he identifies.
Are we running out people for GRC?
By 2025 Kelley predicts, there won’t be enough skilled people to manage persistent economic and regulatory risk. With more focus on the intangible qualities of an enterprise, vagueness and uncertainty will therefore get worse, not better. Responding to these trends mean changing how people behave. For ethical leaders, it means giving even more attention to the power and demands of affecting company culture.
For experts in compliance the trends will mean it will be important to learn how to leverage technology to influence the areas of governance, risk and compliance (GRC). There are already advances being made to help businesses implement GRC software to make this task easier.
As Kelley suggests, this may seem a statement of the obvious. Yet “the imperative behind it is more powerful and subtle”. It implies for example, being able to turn techno talk, techno advances, techno gobbledegook, into powerful messages for leaders and others in the organisation.
Quite simply there’s going to be a premium in the coming years for finding those with excellent communication skills. See for example—our free e-book: Charisma and Ethics
Two examples conclude this useful paper bringing to life issues the trends suggest. First, there is the job of nurturing a strong corporate culture, and second how to ensure effective third party oversight of compliance.
Altogether a useful and pain-free read.
What GRC Will Look Like by 2025 and How to Plan for it Now” by Matt Kelley, a White Paper from NAVEX Global.
