Often improvements in GRC are promoted based on the goal of “keeping the
CFO out of jail.” But this narrow perspective obscures the larger benefit of
improved instrumentation of a business. In the fast changing modern market-
place where risks can appear in a flash, running your business based on num-
bers that are stale and old is worse than going to jail (okay, some may argue
this point). For this reason, some CFOs have stopped attributing investments
in better instrumentation to compliance. Getting better data about the busi-
ness in a timely fashion helps both compliance and running the business.
How can you tell the difference between data for compliance and data for
performance? Some CFOs say you can’t tell the difference and have stopped
trying to make this distinction.
So, from a high level, the value and efficiencies of integrated CPM and GRC
are clear. But business happens at the level of detail. How will an integrated
approach improve my day-to-day operations? Read on to find out.
Collecting the payoff from CPM and GRC integration ...................
A variety of benefits flow from an integrated approach. Perhaps the most pro-
found is a sense of security. When CPM and GRC are integrated, you are look-
ing at reports and dashboards that reflect the current state of the business.
Answers to the following questions are readily available: How are we perform-
ing? Are we in compliance? Are our risks growing? Without integration of CPM
and GRC, the answers to such questions are only available in hindsight. How
are we doing? We won’t know for a month.
Providing immediate access to performance and compliance data also
improves the payoff in groups dedicated to performance. These groups stop
acting as human integrators who manually assemble needed information.
They cease to be in reactive mode, jumping to address problems, and are
more often seeking out new kinds of problems. Risk can be sought out sys-
tematically, not discovered after the fact.
The clock speed of a business can also move faster. If you know that you have
an accurate view of the performance of your business and your risks are
being monitored, you can devolve responsibility to the edges of the business
and let everything run faster in a more distributed manner.
Some analysts see the integration and automation of CPM and GRC as the only
remedy to the faster pace of change and higher risk profile of the modern
business environment. These analysts suggest we have reached an inflection
point for most large businesses. The complexity of the modern enterprise has
outstripped the informal performance and compliance approaches of the pre-
vious generation. One simple formulation of this viewpoint comes in the rec-
ommendation to integrate, take an enterprise perspective, and then automate