Integrating GRC Into Your Digital Transformation

Integrating GRC Into Your Digital Transformation

According to the 2019 IDC market forecast report #US45003718 titled, Worldwide Governance, Risk, and Compliance Software Forecast 2019–2023[i], GRC software is at the forefront of digital transformation by offering deep integrations with emerging technologies that enable the digital transformation such as artificial intelligence, machine learning, predictive & descriptive analytics, Internet of Things sensors, 5G, edge computing, automation software, blockchain, mobile computing, and cloud computing. Each of these enabling technologies has its own risk and compliance requirements that need to be managed. IDC estimates that the digital transformation spent across all industries was $1 trillion in 2018.

Additionally, according to IDC’s 2019 Legal and Corporate Strategy Digital Transformation Survey[ii], 92% of respondents had transformed or were currently transforming their compliance management, and 84% had transformed or were currently transforming their risk management activities. Digital transformation is not yet complete and will continue to drive more GRC demand.

What is digital transformation?

Digital transformation is the integration of digital technology into all areas of a business, fundamentally changing how organizations operate and deliver value to their customers by enabling greater agility, efficiency, effectiveness, productivity, transparency, better decision making, and significant cost savings. According to the MIT Sloan Management Review[iii], organizations vary in their digital maturity, and those that are more mature outperform those that are not. Illustrated below is the Four Levels of Digital Maturity model created by MIS Sloan and Capgemini Consulting utilized to describe the current digital maturity of an organization. Refer to MIT Sloan’s Advantages of Digital Maturity[iv] to learn more about this digital maturity model.

MIT Sloan mentioned that digital maturity combines two separate but related things.

  • One is transforming the digital intensity, the level of investment in technology-enabled initiatives meant to change how the company operates.
  • The other is transformation management intensity, the level of investment in the leadership capabilities needed to enable digital transformation within an organization.
How does GRC integrated into digital transformation?

According to MIT Sloan[v], transforming digital and management intensity requires a vision to shape a new future (the transformation plan), and effective governance to steer the implementation of the digital transformation effort. All business transformation projects involve change. Managing that change requires effective governance, proactive risk management, and adherence to internal and external compliance requirements to optimize the benefits of a digital transformation investment. Change during a digital transformation project typically impacts – People, Processes, and Technology. Managing the change of new technology can be a big challenge, but often the resistance to organizational change presented by people during a transformation project is underestimated. Ultimately, all of these challenges need to be effectively managed.

According to a recent Harvard Business Review article titled Corporate Governance 2.0[vi], “the biggest failure of corporate governance today is its emphasis on short-term performance,” which is why organizations need effective governance to manage performance after the digital transformation project. Additionally, effective risk and compliance management are necessary after the digital transformation project is over to identify and manage potential risks associated with the enabling technologies that could negatively impact the success of the digitally transformed organization and ensure adherence to internal and external compliance requirements. Few people would disagree that emerging technologies can offer great benefits, but they also present new risk and compliance requirements that must be effectively managed. According to a Deloitte article titled, Risks Posed by Blockchain[vii], “The successful adoption and operation of any new technology are dependent on the appropriate management of the risks associated with that technology.” This article mentioned while blockchain technology promises to drive efficiency or reduce costs, it has inherent risks and regulatory requirements that must be managed to realize the benefits.


Digital transformation efforts can benefit from effective Governance, Risk & Compliance during and after the transformation project to optimize and safeguard the organization’s investments in the new enabling technologies. GRC solutions specialized in Project Risk, Issue, Security, and Compliance Management are some of the obvious choices to help during the digital transformation effort, and after the project, GRC technology solutions can help to maintain effective Corporate Governance, Performance Management, Risk Management (e.g., financial, operational, security, social media, etc.), Vulnerability Management, Incident Management, Data Governance, and Compliance Management associated with the new emerging technologies that enable the digital transformation. The adage, “An ounce of prevention is worth a pound of cure,” is entirely applicable to monitoring and managing new technology risk and compliance requirements.