Managing enterprise GRC and big data – How can big data benefit the GRC process?


While trying to balance the risk/reward equation, financial institutions and GRC professionals must tackle the modern-day opportunity of big data. The challenges to be faced and potential lessons to be learned can be huge for an organisation.

For example, how can GRC professionals collect, manage and analyse an enormous and disparate volume of data to create and manage their own actionable intelligence covering hidden signs and patterns of criminal activity, the early or retrospective violation of regulations/laws/corporate policies and procedures, emerging risks and weakening controls?

As revealed by recent Forrester research, high-performing companies – effectively, those that are growing 15% or more year-on-year compared to their peers – are taking a selective approach to investing in big data.

There is an ever-increasing volume of regulatory demands and fines for getting it wrong, limited resource availability and out-of-date or inadequate GRC systems all contributing to a higher cost of compliance and/or higher risk profile than desired – a big-data investment in GRC clearly falls into this category.

However, to make the most of big data, organisations must evolve both their business and IT procedures, processes, people and infrastructures to handle these new high-volume, high-velocity, high-variety sources of data and be able integrate them with the pre-existing company data to be analysed.

GRC big data clearly allows an organisation access to and management over a huge amount of often very sensitive information that can help create a more risk-intelligent organisation. This also presents numerous data governance challenges, including those of regulatory compliance and information security.

In addition to client and regulatory demands over better information security and data protection, the sheer amount of information that organisations deal with and the need to swiftly access, classify, protect and manage that information can quickly become a key issue from a legal, as well as technical or operational, standpoint. However, by making information governance processes a bigger part of everyday operations, organisations can ensure data remains readily available and protected.