2018 GRC Market Report Emphasizes New Risk Trends:
Reputation, Regulations, and Innovation
Steven Minsky | March 20, 2018
The Forrester Wave™: Governance, Risk, and Compliance Platforms, Q1 2018 evaluates and ranks the 14 most significant GRC platforms available, and LogicManager has been named a Leader! But beyond measuring the current offering, strategy, and market presence of GRC providers, the report also dives into the current risk climate.
As the report states, “Managing risk is more important than it’s ever been.” In support of this statement, the report points to three growing trends in the corporate world: reputation, regulatory fines, and disruptive business models.
We’ll explore these trends shortly, but I believe the single most pervasive trend which encapsulates all three of these is that of the see-through economy. The increasing adoption of social media and advanced technologies have granted consumers and investors multiple platforms to express their expectations of the companies they choose to do business with.
With these platforms centrally contained in one easily accessible device, consumers are empowered to record and disseminate any message they want, from a good customer experience, to a horrible one. The bottom line is the general public has the power to monumentally impact a company’s reputation.
What does this mean for businesses?
It means they need better governance, heightened oversight, and advanced risk management infrastructures in order to stay ahead of this omnibus trend pervading the business world.
Corporate Reputations at Risk in Today’s See-Through Economy
The first trend the 2018 GRC market report points to is the increasing importance of a corporation’s reputation. The report reads, “Corporate reputations are at risk. The hit to their reputation after a mishap, and the ensuing loss of customers and other stakeholders, damaged companies more than any other category of loss.”
I have often gone to great lengths to bring attention to the reputational consequences of a scandal. United Airlines reached a settlement with Dr. Dao, the man they dragged off one of their flights. But the amount paid in this settlement is likely nothing compared to the reputational damage the airline incurred.
The see-through economy has a specific connection to this scandal. With 66,000 passengers involuntarily bumped from United flights in 2016 alone, it would be naïve to assume this is the first time this situation escalated to conflict. In truth, this was the first incident caught on tape, or rather, caught on smartphone.
United’s market value plummeted by $1 billion the following day, proving that reputation is a huge concern for shareholders. And while their value has slowly risen since the incident, there is no denying that customers and competing airlines have taken note of this mishap and are expecting better.
The benefit of GRC platforms in regard to this trend is their ability to integrate and account for reputational risk across silos.
Regulatory Fines Are Climbing Higher and Higher
The second trend the 2018 GRC market report addresses is increasing regulatory fines. The report states, “With the uncertain regulatory landscape, managing compliance is becoming a challenge for most risk managers.”
I have also used the word “uncertain” to describe the current regulatory environment. As I saw the presidential administration decentralize regulations, I predicted states would take it upon themselves to enforce new regulations. In early February, the Wall Street Journal published this headline: “States Look at Establishing Their Own Health Insurance Mandates: Congressional repeal of Obamacare’s individual mandates leaves a number of lawmakers examining replacement measures.” The same pattern of new state regulations has occurred on topics like corporate pollution in June 2017, net neutrality rules in March 2018, and cyber violations in September 2017.
The see-through economy has a connection to this trend, as well. Compliance is more than a check-box exercise. It’s a reflection on the company’s ability to meet the needs, demands, and rights of their consumers. States will jump as quickly as they can to impose new regulations that fade from federal view in honor of protecting their consumers, who have made their expectations clear through digital open forum.
This uncertainty, that is, the uncertainty of new regulations coming from multiple angles, necessitates the adoption of GRC platforms with robust change management capabilities.
Innovation Is the Root Cause of New Risk
The third trend the GRC market report explores is innovation. It claims, “Disruptive business models are introducing new risks.”
Many of the scandals I’ve taken the time to study and write about it in 2017 have fallen victim to material risks inherent to their own innovative business models.
Chipotle is a poignant example of this trend. Since the fall of 2015, the fast-food chain has been the cause of multiple outbreaks of foodborne illness across the U.S. While the restaurant has pointed the finger at sick employees and earnestly claimed the isolated nature of these incidents, it’s clear they did not assess the risks associated with their latest innovation: fresh, locally sourced ingredients.
With a decentralized business model, they now have 1,000 or so points of food sourcing and contamination whereas typical centralized systems have a fraction of that.
GRC platforms assist organizations assess the risk of innovation, centralize or decentralize controls as needed, and implement monitoring at the activity level.
The see-through economy is deeply ingrained in this trend, as well. When a myriad of voices ring out to call foul on one company, the systemic nature of a problem is revealed. The repeated offenses by Chipotle and many other innovative companies have been called out by millions of consumers with the hope that the “it’s a one-time thing” excuse will no longer be an option.
The Future of GRC Adoption
As with any problem, there may be a tendency to look at these trends and feel like the cards are stacked against corporations these days. But while the business world has become increasingly transparent and uncertain, there is an entire industry that has taken heed of these trends and is developing platforms to help companies overcome them and even use them to their advantage.
It’s all about improving bottom line performance and goal achievement. I believe the trends outlined in this GRC market report will continue to grow until GRC platforms are ubiquitous across industries of all shapes and sizes, which if you ask me, is an extremely hopeful message. Corporations and industry analysts and even COSO is finally agreeing with what we’ve been saying since 2006: ERM/GRC helps organizations achieve better business performance.
With the proper oversight and infrastructure, companies can act with integrity, serve their customers well, and carry out their missions successfully.