The GRC software market has several different sections, ranging from full-fledged integrated GRC platforms to specific point solutions, and each of these can help a company deal with many different problems or tasks. The joining point of all of these different products is that they help answer the questions that the caveman asked eons ago: “How best to manage risk?” and “How best to integrate these risk management solutions into a productive business model while maintaining corporate integrity at the highest regulatory levels (direct translations from cavemen are rarely this coherent)?”
When it comes to putting together a GRC platform—or using any of Onspring’s other solutions—It doesn’t matter what kind of cooking personality you have. If you use our professional services team to lean on or you do it yourself, the results will be good. Anyone can do it—it’s just like when you’re cooking; you need the confidence to go into your kitchen and say, “I might burn this cake or destroy this pie, but I also might make something really good. If I fail, it won’t be for long.”
I am what you might call a late bloomer. It took a while, but I finally feel like I’m coming into my own with this whole “being a professional” thing. I share this because in my early days as an internal auditor I didn’t really grasp the concept of why we were doing what we did, let alone how we were helping drive a risk-focused culture in our organization.
Much like my fishing trip, you should begin defining your requirements and planning early on, maybe even wade around in research materials for a few months before beginning the purchasing process itself. It is of paramount importance to ask yourself the tough questions that will help shape and define your scope—questions around your budget, specific needs, timeline and workflow requirements tend to work best.
One of the prerequisites to acquiring a GRC platform should be like a lot of other major items that are bought; when you are looking to make a major purchase or acquisition, consult many people in a lot of different areas. Ask your friends or colleagues, read reviews, do extra research, and as strange as this seems, even see what the trolls of the internet have to offer.
The Onspring Sales team knows you probably don’t want us to sit on the couch with you and watch Onspring videos after just having spoken for the first time, but we do our best to make you feel at ease with the resources available to help with education and awareness of where you’re at with your processes and where you can be in the future.
Onspring’s leadership, product, solution engineering, professional services and sales teams have hundreds (yes, hundreds!) of years of combined experience in business process automation with a focus on GRC. Nearly all of us here have had experience working for other GRC software providers or have helped to deliver consulting and implementation services across nearly every GRC product listed in a review, quadrant, report or software list.
When GRC platforms started becoming a “thing” in the mid-2000s, there were only a few major players in the market. They focused primarily on IT: whether it be controls, policies or risk management. Additionally, with the Enron and Worldcom scandals, SOX and its myriad of financial reporting controls quickly became platform offerings as well. As the market started expanding quickly at the turn of the decade, the concept of “eGRC”, with the “e” standing for enterprise, swept the landscape. Why settle for managing IT processes when many of the tools were capable of managing an entire organizations’ Governance, Risk and Compliance frameworks? The natural progression had begun.
If in your current state, your audit team has to spend time creating work papers manually and then saving them and going back and looking at them, that’s a manual step that is something that could be easily repeated in Onspring that ends up saving a lot of time. Looking at how much time were we spending on admin work in the past and now how much time are we pivoting that toward audit work—time, saving time is a big ROI with Onspring.
I have always had a fondness for risk management; in my career, there have been many times where I have argued against something because it was too risky, at least in my eyes. Governance and compliance always seemed to be burdens to me, and to be completely honest, I was fairly prejudice against them. With compliance, I could see the benefit from a societal level, but at a certain point I viewed it as checking off proverbial boxes.
With automated processes in place, organizations save time and ensure best practices are implemented to improve overall operational efficiency. Using a GRC platform like Onspring can help you automate many, many different kinds of jobs. You can build custom workflows for repetitive tasks, create triggers to remind you when something is due, set up approval paths, auto-generate email notifications—our no-code platform makes a lot of things easy.
For all that you do and are trying to accomplish with the use of your platform, there has to be some form of accountability within the confines of using it within your company. That means validating the controls, testing procedures and risks, etc. Without accountability, without the audit element of someone coming in and saying, “Here is what is supposed to be done,” you will find yourself missing a key letter in GRC.