GRC seems to be in good hands in many companies today. The areas of governance, risk and compliance are assigned to Business Development, Strategy, Controlling, Risk Management, Internal Audit and Compliance. Sometimes even individual tasks are outsourced. Each of these functions works with great commitment and at a high professional level. They adjust processes, optimize structures, maintain guidelines and deliver reports. And almost every unit now uses its own expert tools, reporting solutions or special software of the latest generation.
This is precisely the problem. Functional silos are created in the IT landscape: one system for risk management, another for compliance, another for internal control, plus reporting from controlling and strategy. From the perspective of the supervisory board and management, these are all “GRC experts” – regardless of whether they are only responsible for one section or actually work in an integrated manner. Although clipboards, brief presentations and expert reports have become dashboards and KPIs, their character has often not fundamentally changed: They remain selective snippets that are not really embedded in the day-to-day management work of the governing bodies.
If GRC is perceived in this way, in practice it is usually not a fixed component of the work content of the supervisory board and management, but a special topic that is dealt with in certain meetings or special situations. According to the liability standards of GmbH and stock corporation law, GRC is at the core of the job description of the executive bodies. The executive bodies can be supported by experts, but they cannot simply “delegate” responsibility. GRC experts, for their part, want to be the exact opposite of a super silo: they want to be strategic partners to management and fulfill their mission as efficiently as possible. So both sides are doing their best – organs and experts alike. Nevertheless, an invisible barrier remains: The experts’ systems are not really connected to the reality of leadership and vice versa.
This is where high-performance legal tech comes in. A GRC system, which is more than just another specialist tool, can break down this barrier by connecting the shafts in the “gearbox”. Bodies, GRC experts and operational jobs. This is exactly what VAlog® GRC aims to achieve. The idea is not just to map governance, risk and compliance functionally, but to think of them as a consistent structure from the top of the company right through to the operational level. Chains of responsibility, information, faults and measures are linked in such a way that supervisors and management can find connections in their daily work instead of just looking at summarized key figures.
While traditional expert GRC solutions create additional islands of information, a supra-performant legal tech approach can integrate GRC into the control logic of the governing bodies. In this way, GRC does not become a super silo, but an integral part of management, liability prevention and performance. It is precisely this connection that determines whether GRC is seen as a tedious duty in the company or whether it is understood and practiced as a genuine management task.