Technology Impact on GRC Consulting

Technology Impact on GRC Consulting

Amy-Baj-Forbes-DellWorld-PostTechnology, the harbinger of change

Successive waves of technology advances that have fundamentally affected the way in which many traditional service industries operate in the 21st century, are starting to impact the GRC Consulting industry.

Since the late 1990’s, the brick-and-mortar establishments of industries such as Travel Agents and Realtors have been in decline. Online capability for consumers to research and fulfil their own preferences without the need for intermediaries has meant that the role played by traditional agents in these industries has needed to adapt continuously. Those companies that have failed to adapt, have failed. Those companies that have adapted are operating in a totally different way to how they operated 2, 5 and 10 years ago.

Problems facing the GRC Consultancy Industry

The GRC Consultancy industry appears to steadfastly believe that its ‘guru’ status renders it immune to the ravages of technological advances.

However, a harassed Consulting Manager of a large GRC Consultancy recently confided to my colleague that his region’s consulting revenue was down. Head office was pressuring him to get more consultants into more clients. He lamented that his clients’ consulting budget had been cut in the economic downturn and that the blank cheque mentality of many corporates had been replaced with more prudent use of consultants.

In general, GRC Consultancies have the following modus operandi

  • Select an area of expertise
  • Familiarise themselves with the relevant statutory requirements and regulations
  • Develop expertise in Gap Analysis, Remedial Processes and Best Practices for their area of expertise

They then consult to clients at an hourly rate on various aspects of:-

  • Governance policy;
  • Risk Analysis;
  • Policy Compliance Implementation;

They generally leave their clients with a manual, detailing their opinion of the current state of compliance, with a set of operating procedures to remedy any shortcoming.

Whereas, in the past, companies were prepared to pay GRC Consultants to fulfil their regulatory obligations (the “tick off” mentality), more and more companies are wanting to leverage from these expensive exercises, to ensure that they add value to their bottom line. Increasingly, they are also looking for dynamic ways to ensure that the results become part of their company’s DNA, rather than residing in manuals gathering dust on some manager’s bookshelf.

How can Technology change the face of GRC Consulting?

  1. The ability to capture the GRC Consultant’s knowledge into a user-friendly, easily accessible environment.
  2. The ability to assess the level of compliance in a consistent and accurate manner across small and large client environments, removing the influence of external factors such as consultant experience and bias.
  3. The ability to recommend remedial action based on a solid assessment of both the current state of compliance, and the goals of the company.
  4. The ability to hand over a self-managed tool to the client, where they can leverage the findings of the consultant to achieve integration into the company DNA
  5. The ability to allow the GRC Consultant to add significant value by providing an oversight role to ensure the remedial process is on track.
  6. Up to date insight, through dashboards and reports, to compliance levels within the company.

None of this capability is possible without the use of comprehensively designed applications. To this end, a number of technology companies have developed, or are developing, Compliance Evaluation and Management platforms, to assist both corporates and consultancies in the art of managing compliance , governance and risk.

How is Technology being implemented?

Some of these platforms take the view that large corporates need to take responsibility across the entire organisation, and provide a corporate-level solution, requiring significant upfront investment and management buy-in. Such high-end solutions will generally require teams of in-house or external consultants to effectively utilise the environment. External consultants will need to be trained in the platform.

However, other technology companies aim their services at smaller corporates and consultancies that are looking for zero or minimal investment in the technology, but want the flexibility of monitoring specific policies relevant to their business. Consultancies want the ability to wrap their expertise in a service with flexibility, security and a professional interface, which is easily accessible to any of their clients. The internet offers the ideal interface via Cloud Computing.


No matter whether a GRC Consultancy operates in the large or small corporate space, using technology to leverage their services to the benefit of their clients is becoming a matter of survival. Of course, this will not happen overnight, but Consultancies adopting appropriate technologies sooner rather than later will be better able to negotiate more favourable contracts with their clients. CGA Consultancies, irrespective of their size, need to start investigating appropriate technologies as soon as possible to avoid the spectre of becoming less and less in tune with their clients expectations, and themselves losing relevance.