Facilitating GRC Automation with Data Governance

By CIOReview | Wednesday, August 3, 2016

As part of embracing new and improved Governance, Risk, and Compliance (GRC) management, companies today are implementing GRC software tools that automate compliance assessment tasks. Though automated GRC eases the management of workflow tasks related to risk and compliance, it still requires a good deal of front-end work and human input. Often a company’s data management objectives are interrelated with the automated processes.

The key to integrating automated GRC with contemporary data governance objectives is a framework that serves as the substructure on which quality-focused enterprise data governance is built. The substructure needs to be backed by senior management and funded adequately, and senior management should in turn be accountable for its actions. Once the framework is geared up for certain governance and compliance objectives, updates should be streamlined and compliance extended across other standards and processes. The framework will vary with the compliance needs of different organizations. Additionally, the substructure needs to acknowledge a perpetual cycle in which data quality issues are resolved at the source and not adjudicated later in the process.

Significance of Data Quality

Data quality is tied to data governance as the key function of governance. Quality must be measured continually and the results fed back into the governance process. Data quality management differs from data cleansing in that the organization’s resources are focused on addressing quality issues at the source. Source systems and data stores should also be a vital part of the automated GRC framework. This approach is much more cost-effective and easier than data cleansing. The business owners of the source systems are accountable for the quality of the data.

Employing a single source system is a daunting task for large enterprises: they have several divisions, and persuading all of them to use a single source system as part of an automated GRC framework is not easy. Building meticulous data quality management structures for the verification and renovation of source data quality, and for the certification of target analytic data quality, is a smart move.

Successful GRC automation can be achieved with the right foundation, by choosing the right team to analyze risk and compliance processes. Data governance has to be more than a collection of ad hoc data quality projects. Companies adopt various governance structures, but a familiar theme runs across most of them: segregation of activities and responsibilities into layers or levels, mainly strategic, tactical, and execution.

Strategic

The key responsibilities of the authorities in the strategic layer are to ratify and modify data management principles according to the changing ecosystem of the organization. Functionaries need to ensure that ongoing funding is available, opportunities and issues are identified, and costs and benefits are understood. Apart from defining priorities, the strategic layer involves monitoring ongoing progress.

Tactical

The tactical layer drives execution of the strategy’s priorities. Officials should ensure the availability of processes and infrastructure, and should focus on coordinating tactical delivery. The layer asserts that the organization should leverage existing implementations and, if that fails, direct its focus toward initiating separate projects. The responsibilities include managing and reporting opportunities and issues; analyzing costs; and monitoring, tracking, and reporting on progress toward goals and objectives.

Execution

The execution layer mainly deals with implementing the projects defined by the tactical layer. Educating developers and end users on data standards and the importance of data quality is a prime component of the execution layer. Internal and external data should be audited for data quality to secure compliance with standards. The personnel of this layer should participate in system-related projects to ensure that standards such as the data model and metadata are incorporated in development.

Using this layer segregation, organizations focus on defining risk thresholds and driving risk down to acceptable levels, improving the enterprise risk data management environment. Mapping risk and compliance goals into business metrics can be furthered by incorporating transparency in an organization’s priorities.

An efficient GRC automation strategy and toolset will have minimal impact on company processes during implementation. Organizations should select products with proven scalability so that they can adapt to changing compliance regulations. Automation allows organizations to deal with procedures in a more systematic way, since it is impossible to effectively and perfectly align risks and controls using a manual process. Having said that, data governance will continue to mature as the factors that shape a company’s programs change.