Governance, Risk and Compliance (GRC) can be described as the quiet corner of the boardroom: important, but rarely seen as high energy. Policies are created, risks categorized, and reports compiled before everyone moves on.
This model assumes that the pace of business is slow enough for that kind of oversight to work. That has changed.
Active Governance, Risk and Compliance was created in response to that misalignment. Rather than reviewing risk after the fact, organizations are beginning to monitor it in real time. The emphasis is shifting away from written documentation and toward a decision-making process that is perpetually active.
For example, take a fintech company that develops a new payment mechanism. Under a passive governance review, the organization would review compliance after deployment. Under an Active Governance model, risks would be identified and escalated during the deployment of the new payment mechanism. If the organization implements an alert system that improves its decision-making process, some warning signs could be resolved before they become a major business disruption.