As demand for governance, risk and compliance (GRC) automation rises, many organizations are realizing there are relatively few automation options on the market to choose from. On one end of the spectrum, there’s Microsoft Excel and/or SharePoint, which is cost-effective under certain circumstances but presents its own set of limitations and challenges. On the other end, there are a few enterprise solutions that are more expensive and tend to be very complicated and arduous to implement. As a result, mid-sized enterprises and business units are left searching for a solution that’s actionable, quick to implement, and cost-effective to streamline the compliance process.
Automating GRC processes ensures strong internal control, mitigates risk, and often proves to be incredibly cost-effective. Thus, 83 percent of organizations surveyed in the 2017 Protiviti Sarbanes-Oxley Compliance Survey have plans to automate at least some of their compliance process within the next year. And why not? Automation certainly outweighs the traditional, manual process by:
- Decreasing reporting time
- Supporting external audit requests
- Providing consistent documentation (one version of the truth)
- Improving visibility into GRC initiatives and internal controls
- Reducing the number of people needed to complete initiatives
- Cutting the costs of initiatives
- Allaying fines, audit restatements, and SOX failures
- Reducing risks and preventing problems with continuous control monitoring
- Ensuring effectiveness of compliance spend
- Responding faster, more consistently to vendor risk assessment
- Engaging business process owners more
- Saving time by automating highly administrative or complex GRC processes, like gathering supporting documentation
- Responding quickly to business and regulatory changes
While it’s essential for an enterprise to have a handle on its GRC processes to avoid default, many automation options fall short when it comes to sharing and securing documents. While Microsoft Excel and/or SharePoint provides a repository of documents and spreadsheets, it limits visibility across fractured spreadsheets, lacks integration of real-time data, and is limited in its ability to allow communication between stakeholders.
The other option is enterprise GRC software that’s costly, difficult to implement, and most likely has several functions or apps you don’t need but have to pay for as part of your service agreement. That’s why many medium-sized enterprises and business units have turned to Salesforce for their GRC processes.
Salesforce’s platform allows enterprises to automate their GRC processes and gain value from evolving technologies, processes, and data to improve business performance and compliance, while reducing costs. Additionally, because of the nature of Salesforce’s business, the platform is completely secure and has many tools businesses need for GRC, which makes integration easier. The Salesforce cloud-based platform enables companies to operate with the flexibility and speed needed to adapt to the dynamic world of compliance. Moreover, the Salesforce platform offers both core and advanced features that can be very effective for ensuring controls are in place and well defined.
- A central feature of strong internal controls is adherence to a process. Normally, when a new financial process is rolled out, we find that roughly 1/3 of managers implement it successfully, 1/3 are partially successful, and 1/3 do not implement it. It is also typically several months before the process can be audited or examined and corrective actions taken. By including key control processes in Salesforce, managers can ensure that either implementation is successful or there is immediate data showing who did not implement the process. Simply put, either your processes and controls are followed or the user cannot save the record and continue!
- A completely customizable Risk Control Matrix, Risk Factor Identification Matrix, or whatever your company calls this key document. This document is often considered the “backbone” of control documentation. Salesforce allows you to define the information it contains and manages changes to the data requirements as requests come in from external audit, the audit committee, management, etc. In addition, you will be able to run reports on which control, risk, or process owners exist within a process or location without sifting through 50 or more spreadsheets.
- Invariably, your internal controls, your processes, and the way you document and test them change over time. A huge asset in this regard is a flexible platform that can be configured and reconfigured…and re-re-configured easily and cost-effectively. The Salesforce platform was designed for sales teams to adapt quickly to rapidly changing environments. This same functionality is available to us for GRC purposes as well.
Overall, the Salesforce platform is very customizable and configurable, allowing for easy set-up and implementation. Finally, the implementation process provides an evaluation of internal controls which helps management enable an effective, efficient, and controlled execution of compliance processes. After all, business is more effective and sustainable with the alignment, automation, and integration of governance, compliance and risk.