New year. New solution. Ramp up for compliance and risk challenges ahead
2019 is just around the corner, and if 2018 has taught us anything, it’s that the business of compliance and risk management is more challenging than ever. And it doesn’t take a crystal ball to see the future. It will be faster, more automated and more productive.
However, it may be difficult to embrace the future with your current compliance and risk management solution. That’s why you should start kicking the tires to see what you can learn. Here are five considerations for organizations searching for a technology solution designed to make compliance and risk management processes more efficient and productive.
What are your future plans?
With any solution purchase, you’re not just solving for today but also tomorrow. Will your demands grow over time? If recent history is any indication, the answer is yes. A shift to digital has introduced new types of risks, and our ever-changing regulatory environment demands agility from compliance. A growing reliance on third parties presents its own unique compliance and risk challenges.
It’s like the movie Jaws. That shark in the water, your challenge, is much bigger than you expected. Actor Roy Scheider delivers the memorable line, “You’re going to need a bigger boat.” That bigger boat speaks to the solution you need, not just for the present but also for the future.
What’s your maturity level?
The maturity scale for compliance and risk management goes from the low maturity of using manual processes for one or two activities to the high maturity of solving multiple risk challenges with integrated risk management processes. The higher your maturity, the more robust the solution you’ll need.
If you’re just trying to do one thing, like create policies, a point solution makes sense. A point solution focuses on one aspect like policy, audit, third-party risk management, etc. If you’re doing multiple activities like policies, audit and compliance, plus managing risk, a governance, risk management and compliance (GRC) platform that enables integrated risk management might fit better with diverse requirements and the importance of collaboration.
Check references and ratings
Research and advisory companies rate point solutions and GRC platforms. Is your short list of providers at the top or near the top of the list on the rating service criteria or critical capabilities? Review case studies to learn how the solution or platform has solved challenges for other organizations.
It’s a big decision that demands thoroughness. Make checking references and ratings part of your process.
Budget for training and support
Just because a provider says their solution works out of the box doesn’t mean your users will know how to use it. It’s wiser to purchase a solution from a reputable technology provider that also offers training and support.
For example, a recent crash of a new commercial jet was the result of the new automatic systems that the pilots weren’t trained on. Training helps create competent users of the solution, and having support helps when you get stuck and can’t figure things out.
When it comes to evaluating solution providers, you should consider not only ease of use, but what training and support services are available.
Try before you buy
As a technology buyer, you can take advantage of free trials to see how you like the solutions. If a free trial isn’t available, most technology providers offer demos.
A free trial or a demo is a good place to start, but it’s easy to become enamored with a technology’s interface or a standout feature. That’s why it’s still important to go through your selection process. To help with that, we created our GRC Buyer’s Guide, which offers guidance and resources for buying a GRC platform.
Which technology solution is right for your compliance and risk management challenges? There’s no simple answer. It’s more about understanding your needs, your requirements, your future and your budget, and then going through a due diligence process to determine which solution scores highest on your wish list.