ERP Insights >> Magazine  >> March - 2016 issue

Mobility in Governance, Risk Management and Compliance a 'Must Have' Element in Organizations

Author : Sadananda Vaidya, Portfolio Manager, Production Engineering, MetricStream
Sunday, April 3, 2016

Sadananda Vaidya, Portfolio Manager, Production Engineering, MetricStream

In a world where business is not confined to one office or even a specific geography and where important business decisions often have to be made on-the-go, mobile devices are no longer viewed as a 'nice to have' element in organizations. Mobility has rapidly become a 'must have' as executives who lead teams and make important decisions are expected to collaborate, analyze and lead their teams from any part of the world.

Governance, Risk Management, and Compliance (GRC) solutions are no exception here. GRC has become an essential business application in organizations, large and small, which are looking to gain a better understanding of their business in the context of today's evolving risk landscape where regulatory requirements are becoming more stringent and corporate governance is in the spotlight. In this current business context, mobile GRC applications support productivity and real-time analysis and decision-making. The ability to understand, engage and communicate with constituents around the world in real time, as well as ensure a tighter top down and bottom up governance process can be done easily and effectively with mobile GRC applications.

Implementing Mobility for GRC

If your organization or business unit is looking to reap the benefits of mobility in GRC, here are some areas to keep in mind:

1) Identifying Business Processes and Workflows: An organization or a business unit has to determine which workflows and business processes can be mobilized. Many activities like conducting surveys, carrying out audit activities, or triaging customer complaints or issues are easy areas to start with.

2) Identifying the Right Use Cases: The organization or the business unit needs to identify the use cases that can be mobilized. Obviously, you won't put your entire desktop on a mobile application. Effectively selecting the right use cases is an important first step in the broader mobility implementation effort.

3) Number of Users: Mobility efforts can be implemented in a phased approach, for example, you can start with 30 percent of the overall user base in the first phase. This can give your IT and other project teams more time and bandwidth to implement the mobile solution most efficiently and effectively.

4) Demonstrate ROI on your Use Case: Capturing and reporting out on the ROI is important for demonstrating value. This also helps in supporting future decisions about the capacity and scale at which additional solutions need to be implemented.

5) Type of Devices: This has a heavy bearing on the technology infrastructure that is to be used as well as the overall setup. Whether or not iOS / Android / Windows Mobile needs to be supported is an important decision that must be made upfront, as the solution, cost and approach of the app delivery will vary considerably.

6) Security versus Usability: This is one of the most important things to take focus on. Whether you implement Bring Your Own Device (BYOD) or Corporate Owned Personally Enabled (COPE) each will have an impact on how the security model has to be built for mobile applications, as well as the data backup mechanisms.

There is always a fine line between applications that are 'user friendly' versus applications that are 'secured'. Building in the right level of security as per the company policy regarding mobile applications and infrastructure is very important. Mobility solutions for the GRC space typically include the following features:

1.People on the move should get the right notifications at the right time across various touch points
2.Approval of accesses, deviations, buying decisions through a single platform
3.Dashboard of current issues and their status across all GRC apps, supported with the right GRC metrics
4.Modules which help Auditors do inspections and field work offline, without Internet access or connectivity
5.Location enabled audit and survey apps, which simplify the process of capturing video or photo content and uploading to the application for analysis
6.Access to right set of supporting documents for decision-making

To conclude, by mobilizing GRC applications you can help transform the effectiveness of how risks are being identified and managed. If you have not already mobilized your GRC program then it's time to think about how you can play a role in making GRC truly pervasive across your organization!

Facebook