What’s Next for GRC in 2023?

There’s a lot going on around the world right now that is shaping both the risk environment and the challenges & opportunities facing organisations both large & small.

As we head into 2023 against a backdrop of significant inflation, a major war in Europe, a huge energy shock, pandemic fatigue, political uncertainty, global debt, rising interest rates and what feels like an unending stream of climate-induced disasters – business leaders might be wondering about the top GRC trends that will shape the world of risk intelligence over the coming year.

With the rate of change happening faster than ever in our world – the kind of risks inundating businesses evolve daily: from geopolitical & environmental risk to third-party and cyber.  These problems unfortunately don’t exist in isolation – they’re interrelated risks that demand a holistic response. Megan Greene, Senior Fellow at Harvard Kennedy School and Global Chief Economist at Kroll Institute recently noted that rarely has the world faced this many interconnected crises, but there is always opportunity in volatility.

To thrive in today’s interconnected risk environment, progressive organisations need an expansive view of risk to make data-backed strategic decisions that strengthen business resilience and performance.

With everything that is happening around us, Camms has been hard at work delving into the specific trends GRC professionals should watch out for in 2023. Based on the interactions with our customers and industry leaders, we have identified 5 key trends that will shape the GRC sphere in 2023 and beyond!

1.    The Agility & Resilience Imperative 

Agility involves having the right business intelligence to make fast decisions and a well-structured business model to implement change at speed. While resilience involves being prepared to react to both short term shocks & outages and ensuring the long-term sustainability of the organisation. Resilience should integrate with enterprise-wide risk management and work across the firm to provide a comprehensive view of what’s at stake. In a nutshell agility and resilience are two sides of the same coin and should be interconnected.

Being agile, and resilient and maintaining integrity in today’s increasingly interconnected environment requires contextual awareness of risk, particularly in the era of ESG. GRC Pundit, Michael Rasmussen recently stated that ‘’organisations need to have risk under one roof to see the intricate relationships and the impacts of objectives, risks, processes, and controls with complete 360° situational awareness, intelligence, and holistic visibility.’’ This can only mean using one single platform to consolidate strategic planning, GRC, and ESG for complete visibility and alignment.

Michael also noted that in the face of new regulations, agility will provide organisations with that much coveted competitive advantage.  “Keeping pace with the steadily growing list of regulations such as CSRD, SFDR, CTDPA, ADPPA, EU-US DPF, CDPA and UCPA presents a formidable challenge. Stakeholders across the organisation will be required to remain agile throughout 2023 when it comes to tracking and addressing strategic areas of compliance that are sure to arise throughout the coming year.”

In their 2022 Global Risk Survey titled “Embracing Risk in the Face of Disruption”, PwC found that when organisations leverage intelligent technology to provide a ‘panoramic’ view of risk,  Boards and their executives were 5 times more likely to have high confidence in the organisation’s ability to deliver better business outcomes, building stakeholder trust and providing greater resiliency.

“Agility is the answer to the success of future business models and strategies for growth. Which is why developing an agile GRC programme is vital to continue protecting the business from a significant risk event.” – Daniel Kandola – VP EMEA at Camms

2.    Third-party Risks to Become More Critical 

When you work with vendors, their risks become your risks! Thanks to today’s amplified digital interconnectedness, third-party risks have become a major area of concern for organisations. Recent instances of cyber security breaches via third parties have aptly illustrated how a security incident at one organisation can quickly travel to and paralyse several other connected businesses.

An increasing number of organisations find themselves relying on third parties for everything from technical support, facility management, security, and legal services to external contractors & suppliers. Incorporating third-party services can make your business more competitive by allowing you to leverage specialised skills & expert knowledge without burdening yourself with developing internal programmes. Yet as a relationship with third-party vendors expands – the potential for vulnerabilities grows. 

Moving forward businesses will need to assess their third-party vendors to identify those who are mission-critical, understand & manage the potential risks associated with each supplier, and build a view of the overall reliance on each third-party by other vendors and departments.

GRC professionals are already facing increased pressure to step-up and get a better handle on third-party risks as part of their broader risk framework. Amid escalating economic uncertainty, organisations will need to adopt a proactive approach to third-party risk management. A holistic GRC software solution – with third-party risk capabilities – has the functionality to centralise the essential information about your company’s vendor network, making it easier to manage performance, costs, and risk.

“Managing third-party risk is critical, no matter the industry you operate in or the size of your company. With vendor management software that scales as your business grows, you can automatically assess risks, identify potential threats, and act before it’s too late”. – Brad Smith, Principal Consultant at Camms.

3.    Putting Enterprise Performance at the Heart of GRC

Enterprise Performance and GRC are destined to grow even closer in 2023! Traditionally GRC has focused on reducing risk, ticking the mandatory compliance box, and implementing rules to ensure fair ethical practices – without any real focus on improving the overall performance of the organisation. This is set to continue to evolve and improve the narrative of risk in 2023 as more and more businesses come to realise that by linking their strategic goals & objectives to GRC data, they can make strategic decisions and take calculated risks in pursuit of their enterprise performance objectives.

To really understand the impact certain decisions will have on enterprise performance, organisations need to feed in operational & transactional data from other systems into their GRC programmes. Leading GRC tools make this possible using API integrations with other systems & data sources which pull the data into the GRC tool – making it easy for organisations to set controls to flag unusual activity, spot trends & risks, and uncover areas for improvement.

GRC Pundit and thought leader Michael Rasmussen recently took part in a webinar with Camms where he discussed ‘Why Enterprise Performance Should be at the Heart of GRC. He highlighted the importance of linking and mapping GRC to strategic goals, and we are sure this will continue to be a trend throughout 2023.

Putting enterprise performance at the heart of GRC helps identify risks more effectively that may impact multiple departments which can help businesses prioritise mitigation activities which can benefit more than one function. Marrying these two concepts together to create a symbiotic relationship that drives organisational value requires the right technology to facilitate the complex mapping required.  Apart from the technology, an organisation’s values, processes, and regulatory obligations are vital to the way it monitors, detects, and manages risk.

“Integrated GRC goes beyond just risk. No matter how you choose to view these approaches, a robust and well-rounded strategy requires technology to help you visualise your data effectively, come up with actionable insights and aid you in achieving your enterprise performance goals.” – Daniel Kandola – VP EMEA at Camms

4.    ESG: From Nice-to-Have to a Must-Have

The buzz around ESG is very much real and the practice of addressing it as part of a holistic GRC effort has increased recently – with ESG efforts driving investment strategies, board deliberations, consumer behaviour, and employment decisions.

Large-scale trends shaping the ESG-investing world are well-known at this point and include: new regulations, social inequalities, climate change risk, the growing threat of biodiversity loss, and the moral, ethical & environmental standpoint of an organisation. From maintaining accountability for Diversity, Equity, and Inclusion (DEI) to cracking down on corruption and reducing emissions & energy consumption, organisations must take ESG monitoring and reporting seriously moving forward to 2023 – or they risk falling behind.

Regulatory pressure too is increasing and is now top of mind not just in Europe, but increasingly in the APAC and US markets and includes requirements for financial institutions to conduct climate stress tests, deforestation-free market-access rules, investors getting ahead of potentially mandatory requirements, and reporting on the SFDR’s Principle Adverse Impact indicators – just to name a few.

In the USA, Biden’s administration is facing increasing calls to stop businesses from greenwashing and they are taking more stringent action to crack down on it, especially considering the administration’s strong stance on climate change. The Dutch Authority for Consumer & Markets (ACM) is acting against 6 clothing retailers alleged to have made significantly misleading claims about their sustainability initiatives, while the UK’s Competition & Markets Authority has developed a green claims code to combat the issue.

An appropriate approach will include identifying the ESG goals of your organisation and tracking & monitoring the related issues such as DEI, worker safety, and net zero & carbon emissions objectives. Smart organisations usually centralise their ESG strategy and sustainability plans using GRC software with compliance, risk management, strategy planning, and incident management functionality – to build an ESG programme that integrates with their existing GRC universe.

Monitoring and reporting on the relevant data parameters in real-time with the mindset of continuous improvement will help your organisation gain the necessary understanding of the past, present, and future to ensure that competitive edge!

“To stay ESG positive it’s essential to address ESG as part of your holistic GRC programme. By integrating your existing initiatives, data, and goals into a robust GRC platform, organisations can gain insight into their ESG progress and the associated risks.” – Brad Smith, Principal Consultant at Camms

5.    Cybersecurity to Remain a Major Part of your Business Plans

There is no doubt that cyber risk will remain in the headlines in 2023 and that a long overdue reform of digital and cyber risk oversight may be at hand. The new year could put the corporate boardroom front and centre in the cybersecurity discussion — and see boardroom transformations that finally catch up to the reality of cyber risk.

Bob Kress, NACD Board Leadership Fellow noted in a recent Forbes article that the day of reckoning is at hand for corporate directors and their effectiveness in governing cyber risk issues. “Systemic cyber risk has introduced an inherent and distributed risk environment that most, if not all, businesses and their Boards are ill-prepared to handle.”

Over the past couple of years, despite the impact and rapid emergence of cyber risks, corporate governance policies & practices on cyber risk have been lagging. Now as multiple (direct and indirect) digital and cyber forces converge, 2023 will see corporate boards and their directors under pressure to adapt their approach to cyber governance.

Many CIOs have outgrown the traditional confines of their role and are acting as key business strategists and working with the Board and their C-level peers to create the business solutions needed to survive and thrive in contemporary times. To continue adding value, they will need to focus more on the right technology and strategic partnerships to set up the organisation for long-term success. CIOs, as the change leaders in the organisation, will need to be the ones leading these innovative efforts and advising the board. 

Cyber security is not a project but an ongoing programme to build security into the DNA of the organisation. Pursuing a broader risk management perspective that includes compliance with regulation is more important than just having a checklist.

“The cyber risks that we are seeing currently are here to stay, so it’s important to ensure that organisations go about building cyber resiliency that is able to withstand attacks and continue to operate – to do this well you will need a cloud-based integrated platform you can trust, in order to deliver the visibility needed to determine a robust risk posture for effective cyber risk management” – Daniel Kandola – VP EMEA at Camms

Create Value with GRC Technology

With ongoing technological advancements, a volatile economic and geopolitical landscape, mounting regulations, and evolving environmental and social factors, the uncertainties and challenges faced by organisations is only set to increase.

Cultivating a culture of agility, resilience and integrity and taking control of third-party relationships will improve the progressive organisation’s risk attitude. Business risk has the potential to become a strategic opportunity when businesses empower their risk teams to become ‘changemakers’ and commit to robust ESG monitoring & reporting practices.

The penultimate goal for any organisation is to transform risk into a strategic opportunity. As we prepare to step into a new year, it’s important for GRC professionals to step back and reflect on the many lessons that the past 24 months have taught us, address tough decisions, and become 2023 ready – agile, resilient, connected and purpose-driven being key.

While organisations have always faced risks – they have not been inundated with the diversity of risks they face today, all of which call for new and fresh approaches to Governance, Risk, and Compliance. The best and most successful organisations centre their GRC programmes around technology that facilitates the sharing of data & insights across the wider landscape to provide visibility of goals & objectives, and any potential risks across the entire organisation.

Adopting best-practices and the right GRC software to complement is key to making informed, risk-aware, and data-driven decisions.  At Camms GRC is in our DNA. Our unique ability to link risk to business objectives in a single platform has the potential to empower your organisation to reliably achieve objectives, navigate uncertainty, and demonstrate integrity. To learn more about our powerful, agile, and scalable platform Camms.Risk, simply request a demo.