The Future of GRC in the Era of Stakeholder Capitalism

Over the past six years as the CEO of Diligent, I’ve been fortunate to interact with many of the world’s most influential leaders guiding their organizations through different phases of change.

Across these conversations, the question that CEOs, CFOs, board members and audit chairs, among others, always seem to ponder is: “How do I know I am not missing something?”

Diligent has aspired to answer that question for our clients. Now, with the $1.3B acquisitions of Galvanize and Steele, SaaS leaders in risk and compliance, Diligent will change that reality.

Since the early 2000s, software companies have driven digital transformation for the enterprise with cutting-edge technology. SAP and Oracle transformed the back office with Enterprise Resource Planning (ERP) platforms. Salesforce unlocked a new way for companies to engage customers and drive growth with Customer Relationship Management (CRM) and Marketing platforms. Today we are at another inflection point, with Diligent poised to deliver the first truly integrated Governance, Risk and Compliance (GRC) platform, connecting boards and leadership teams to the people, data and insights that maintain the integrity of day-to-day operations.

Today’s most visionary leaders know their companies must transform in significant ways to keep pace with the rising tide of stakeholder capitalism and ESG. In fact, the Business Roundtable, the leading association of chief executive officers representing 200 of the world’s most prominent organizations, has literally redefined the purpose of corporations to acknowledge the importance of all stakeholders. The technology that ties together all the disparate practices, processes and controls into one holistic view — for shareholders, employees, communities and regulators — is just taking shape.

Acceleration of Purpose-Driven Capitalism
We have entered a new era in business where hitting financial metrics isn’t enough for leading organizations; managing broader stakeholders is now critical to success. This stakeholder-centric era introduces opportunity, but also complexity, increased scrutiny and unforeseen disruption.

In this dynamic environment, that fear of “missing something” for CEOs and boards has now expanded to a much broader set of focus areas, commitments and risks:

  • Making ESG commitments, incorporating ESG into company disclosures, and reporting on progress;
  • Expanding digital transformation discussions from IT to the boardroom;
  • Cultivating a corporate culture that ensures ethical behaviors and practices;
  • Working with key audit, risk and compliance leaders to understand the organization’s risk posture;
  • Establishing new measures and processes to achieve global pay equity;
  • Bringing diverse leaders into the C-suite and boardroom;
  • Encouraging transparency and accountability throughout the supply chain.

To make progress on these lofty goals, the aperture of board and leadership oversight must rapidly expand. And so does the need to deepen connectivity and transparency to both people and data inside the organization. Driving successful transformation requires a new way of engaging with the organization — from the CHRO to the recruiter, from the CISO to front-end engineers, and from the Chief Compliance Officer to the internal auditor.

Importance of Modern GRC
It’s the job of leaders across the globe to help their companies envision the future and get there quickly and safely.

A multinational corporation that is doing significant overseas deals must know whether the growth is legitimate or if there may be sophisticated bribes or kickbacks. A data breach that dumps private data from millions onto the dark web cannot go unreported to senior leaders or undisclosed to customers. Suspicious transaction patterns flowing through a major financial institution must be unearthed and exposed to regulators. No purpose-driven organization can afford to wonder if every vendor in the supply chain is complying with local environmental or child labor laws.

The good news is that information to avoid these pitfalls is usually readily available to organizations. The bad news is that legacy GRC practices and technology too often leave critical information obscured from the view of C-suites and boardrooms.

That is where modern GRC comes in.

Modern boards and executives understand that to thrive in this new chapter, leaders must reimagine the relationship they have to their company. They must deepen the connective tissue across all layers of the organization, from the board to leadership to front-line employees.

And while every company cares about governance, risk and compliance, most companies manage these areas separately as siloed functions, amplifying that chance of “missing something.” Modern technology is critical to enable a holistic view of governance, risk and compliance alongside regulation.

An Integrated GRC Platform: The Operating System for Purpose-Driven Capitalism
While there are many companies addressing the risk and compliance space, all efforts to build a consolidated GRC platform ignore “the G,” failing to acknowledge governance as a distinct practice that needs a targeted technology solution. Through the acquisitions of Steele and Galvanize, Diligent brings the very best GRC tools into one platform, making it easy to roll up risk and compliance findings, manage status and remediation, and easily consolidate insights for leadership and the board.

The power of modern GRC already exists in your organizational data. But legacy GRC practices rely far too heavily on manual collection of information from people through traditional forms and workflows. Modern GRC uses the power of the organization’s digital information to assess risk, monitor controls and gain visibility and assurance in real time. Robotic data automation turns historical “look backs” into proactive assurance that can be used by CEOs and boards to act on risks and opportunities confidently, as they emerge.

Our integrated GRC platform will help clients implement thoughtful risk management and controls across the organization, measure those activities with data, enrich insights with external benchmarks, and aggregate all these activities into a holistic, integrated view. By connecting data and insights from day-to-day governance, risk and compliance teams to the C-suite and board of directors, Diligent will deliver “the last mile of GRC” — bringing GRC into the boardroom.

Impact, Performance and Risk in a New Era
Corporations cannot be better and do better if they have blind spots that disappoint stakeholders or erupt into scandal — especially as risks multiply, and guidelines and regulations evolve. Only once companies have bridged the gap between their leadership and employees, creating transparency across the entire organization, will they be strong and resilient enough to make progress on the greatest business objective of all: positive change.

I believe that 10 years from now, winning organizations will have invested in their employees and their communities, taken a long-term view on products and innovations, and partnered with Diligent to power this transformation.

As we venture further into an era of purpose-driven capitalism, and C-suite executives and board members look for ever-expanding ways to drive positive impact for stakeholders, a modern GRC platform — the operating system for purpose-driven capitalism — will be an indispensable tool.

Brian Stafford is the CEO of Diligent, the largest GRC SaaS solution with a footprint of 19,000 clients and 1,500 dedicated employees around the world.
