Can a Social GRC Strategy Accelerate Business Performance?


ISACA (an international professional association focused on IT Governance) recently published an article written by Saama’s CSO, Sagar Anisingaraju, that discusses the next generation of social GRC and describes the advent of big data and the ubiquitous nature of data pervading all walks of life, including “wearables, driveables, flyables and scannables” (Mary Meeker, KPCB), as redefining the GRC landscape, in particular when it comes to social media.

In a recent blog post titled “GRC Will Be a Performance Platform,” French Caldwell argues that GRC (governance, risk management and compliance) platforms are not going to be embedded within enterprise systems by just orchestrating risk management, but instead should orchestrate business performance. Big data may be forcing this bridge to be built sooner rather than later.

Current-generation GRC processes and systems mostly look inward—at internal processes, segregation of duties and traditional IT risks. With these processes, companies achieve a fair amount of maturity to assess and arrive at meaningful assertions on the control environment. The advent of big data (which is pervading all walks of life, including wearable, driveable and scannable devices) is redefining the GRC landscape, in particular when it comes to social media.

You are not alone if you are having social GRC anxiety.

With more than 80 percent of data living in social media and other unstructured sources, ignoring these signals may be costly not only from a brand-reputation perspective, but also from a regulatory-and-compliance lens. Whether it is salespeople having off-label conversations, executives overreaching on Twitter, product teams unintentionally sharing intellectual property or disgruntled employees venting on Glassdoor, the distinction between risk view for regulatory compliance and business performance is closer than ever.

It is about time the internal audit and risk officers and line-of-business owners partner to create strategies to address these issues.

If your enterprise does not have a social media engagement policy, the first step is to define one. Line-of-business heads need to understand the variety of media outlets and create dos and don’ts for each. Internal audit and chief risk officers (CROs) can look at each of these policies and identify the criticality and threshold crossovers between business performance and regulatory risks. For example, while marketing may encourage employees to tweet, certain topics may be off limits.

Once a clear social media engagement policy is defined, a simple-to-use monitoring system should be put in place. Today’s employees, partners and competitors have tools to spread data at faster speeds than ever before. Having a well-rounded, near-real-time monitoring system that separates noise from signal is not trivial. Key opinions, emotional attachment and topics in any conversation that is happening around your brand need to be analyzed and quantified. These quantifications have to be mapped back to specific business risks and line-of-business performance metrics that you are managing. Fortunately, technology is available today to do the analysis in real time.

After mapping the social impact to internal GRC and business-performance functions, how you respond and act upon them is purely a business-criticality issue. An IP-theft conversation about your product happening in gray-market websites may need to be immediately addressed by your legal department. Executives’ inadvertent tweets about confidential information may require you to make unplanned disclosures.

The impact of social GRC and big data on enterprises is bringing the emergency-response teams from business and audit closer than ever. Adding a social-GRC framework, such as the one described above, can be an incremental addition. Your current GRC investments should be fully protected and integrated with this new bridge that you are building within lines of business.


About Sagar Anisingaraju

As Saama’s Chief Strategy Officer, Sagar Anisingaraju creates strategic initiatives that lead Saama into emerging business areas with competitive differentiation. He enjoys his time spent with customers to understand their unique data assets and to help them generate business outcomes from them. Sagar is also instrumental in creating an experimental culture and setting up programs across pharmaceutical clients of Saama. He won Innovation Enterprise’s Chief Strategy Officer of The Year award in 2013.


Tushar says:

As a marketing prof I agree that social GRC is very much an important requirement today. With companies encouraging their employees to engage & spread the word about the company through social channels in return to create brand value. Hence Social GRC becomes important to keep check on what value it brings to business and whether employees adhere to policies.

Rose says:

Nice post!

Rose says:

nice post
