Due to an increase in regulatory requirements over the last 20 years, large and mid-size companies have made significant investments in GRC applications – the term GRC can refer to applications which help clients track and review status of various risk assessments or compliance programmes and can also refer to specialised applications that cater to very specific risks (e.g. ERP security and controls). These projects incur large capex investments which provide business benefits via ease of compliance management and automation of key control activities.
- However, these applications require specialised in-house resources who act as administrators or support staff which adds annual operational expenditure.
- Also, given the specialised nature of these applications, the audit and control teams rarely have the bandwidth to utilise the functionality available – a lot of times, these applications aren’t utilised effectively and there is a degeneration of processes leading to wasted manual effort in using them for compliance purposes.
- Eventually, clients do not realise expected ROI from these business investments which directly impacts their annual compliance and audit programmes.