Virtually every large company in the world maintains governance, risk and compliance (GRC) capabilities in some form. Yet many, if not most, companies see those capabilities primarily as a cost of doing business. GRC is considered an unavoidable cost that adds little in the way of value, except for helping to protect the company from penalties or fines. After all, a loss avoided or an incident averted doesn’t make news. And nobody gets rewarded for complying with regulations. So GRC practitioners, and the solutions they use to support their work, are regarded as an insurance policy, rather than an investment, by many in the C-suite.
But attitudes are changing, thanks to a new breed of solutions and the dawn of cognitive GRC.