As demand for governance, risk and compliance (GRC) automation rises, many organizations are realizing there are relatively few automation options on the market to choose from. On one end of the spectrum, there’s Microsoft Excel and/or SharePoint, which is cost-effective under certain circumstances, but it presents its own set of limitations and challenges. On the other end, there’s a few enterprise solutions that are more expensive, but they tend to be very complicated, and arduous to implement. As a result, mid-sized enterprises and business units are left searching for a solution that’s actionable, quick to implement, and cost-effective to streamline the compliance process.
The benefits to automating GRC processes ensure strong internal control, mitigate risk, and often prove to be incredibly cost-effective – thus 83-percent of organizations surveyed in the 2017 Proviti Sarbanes-Oxley Compliance Survey have plans to automate at least some of their compliance process within the next year.
Why not, the benefits of automation certainly outweigh the traditional, manual process by:
• Decreasing reporting time
• Supporting external audit requests
• Providing consistent documentation (one version of the truth)
• Improving visibility into GRC initiatives and internal controls
• Reducing the number of people needed to complete initiatives
• Cutting the costs of initiatives
• Allaying fines, audit restatements, and SOX failures
• Reducing risks and prevent problems with continuous control monitoring
• Ensuring effectiveness of compliance spend
• Responding faster, more consistently to vendor risk assessment
• Engaging business process owners more
• Saving time by automating highly administrative or complex GRC processes, like gathering supporting documentation
• Responding quickly to business and regulatory changes
While it’s essential for an enterprise to have a handle on its GRC processes to avoid default, many automation options fall short of sharing and securing documents. While Microsoft Excel and/or SharePoint provides a repository of documents and spreadsheets, it limits visibility across fractured spreadsheets, lacks the integration of real-time data, and is limited in its ability to allow communication between stakeholders.
The other option: enterprise GRC software that’s costly, difficult to implement, and most likely has several functions or apps you don’t need, but you have to pay for as part of your service agreement. That’s why many medium-sized enterprises and business units have turned to Salesforce for their GRC processes.
Salesforce’s platform allows enterprises to automate their GRC processes and gain value from evolving technologies, processes, and data to improve business performance and compliance, while reducing costs. Additionally, because of the nature of Salesforces’ business, the platform is completely secure and has many tools businesses need for GRC, which makes integration easier. The Salesforce cloud-based platform enables companies to operate with the flexibility and speed needed to adapt to the dynamic world of compliance. Moreover, the Salesforce platform offers both core and advanced features that can be very effective for ensuring controls are in place and well defined. For example:
A central feature of strong internal controls is adherence to a process. Normally when a new financial process is rolled out, we find that roughly: 33% of managers implement successfully, 33% are partially successful, and 33% did not implement. It is also typically several months before the process can be audited or examined and corrective actions taken. By including key control processes in Salesforce, managers can ensure that either implementation is successful or there is immediate data showing who did not implement the process. Simply put: users must follow your processes and controls or they can’t save the record and continue.Salesforce allows you to customize the Risk Control Matrix or Risk Factor Identification Matrix – or whatever your company calls this key document, and define the information contained within. Often considered the “backbone” of control documentation, it documents and manages changes to the data requirements as requests come in from external audit, audit committee, management, etc. In addition, you will be able to run reports on which control/risk/process owners exist within a process or location without sifting through 50 or more spreadsheets.Invariably your internal controls, processes, and the way you document and test them changes over time. Therefore, it’s essential that your platform is flexible, so it can be configured and reconfigured, and re-re-configured easily and cost effectively. The Salesforce platform was designed for sales teams to adapt quickly to rapidly changing environments and this same functionality is available for GRC purposes as well.
About Compliance Central
Compliance Central provides automation and controls solutions for governance, risk management and compliance and is continually developing new functionality and enhancing existing features. Our deep technical background gives us the ability to speak the language of our customers to develop software solutions that really work.