Monday I was flying to a customer to discuss GRC topics, it was communicated that especially fraud prevention would be of interest next to other internal control topics. The financial statement of the customer showed up a successful company operating worldwide, with a complex organization of many legal entities. Even being a stable, solid company without scandals it is understandable that there is a vague feeling that this may not always be the case and that some activities should be taken.
Musing so far I noticed that the current edition of Brand eins - my favorite flight reading - titles "Bewegt Euch!" (Move!) with the editorial focus on stability. It states that mankind loves stability, transparency and orderliness because with those we acquire security and peace. The optimal stability is paradise: there is nothing more to improve or change!
Unfortunately we know that paradise is not of this world and stability is depending on effort and movement - think of a bicycle that needs constant pedaling to stay upright.
Those principles also are valid for the appliance of software to help companies achieve a stable status in GRC topics. Risk management needs constant assessment and monitoring, risks change in nature, effect and probability, and measures to reduce risks need to be adapted to changing business conditions. Laws pose always changing (and increasing) requirements towards companies that need to be implemented and adhered to. Policies need to change. Continuous testing and monitoring is needed to ensure that things do not go wrong.
Still often I have the feeling that with the invest in a software to support all this the expectations rise that suddenly that after implementation the "GRC"-world is now stable and unchanging. Administrators in companies suddenly are more than reluctant to reflect their newly implemented processes and tools and adapt to those changing conditions. The newly established system leads to the (false?) feeling of security that now everything is under control.
By the way this also applies to development of software. We know that after a release continuous work is needed to keep the application working and stable. And continuous adaption is needed to keep market success stable.
We need to convince our customers to upgrade to new versions to keep technical stability, we need to convince our customers to continuously reflect their procedures and activities and what else could go wrong. And we need to continuously think about how we can improve ourselves and our customers.
In short: we need to keep on pedaling and moving!
