At this month’s Governance, Risk and Control conference, Bhavesh Bhagat, co-founder and chairman of EnCrisp, presents “Identifying the Governance Forest Among the Trees: Survival of the GRC Professional in SoLoMo World.”
We chatted with Bhavesh to preview his presentation.
ISACA: How has the role of the GRC professional changed in recent years?
Bhavesh: Let me be frank here. GRC as we know it is dead. The word has been much hyped and abused by software and analyst vendor communities. Having met boards of directors and governance professionals globally, what I think has happened is that the world has changed dramatically in less than a decade. Technology has moved way beyond everyone's expectations into realms that one could not have imagined. One example is socially connected machines. My observation is that the governance-and-risk professional has lagged behind all of this innovation because many have been in a more reactive mode and have been focused on compliance.
The key to survival is to think innovation in the governance business itself and in the process of managing risks. To see this process as an enabler of growth rather than a checklist of compliance. This is why I feel the old world of GRC is dead—we are way beyond those compliance happy days. Risks of the future are unknown and still evolving. GRC professionals (if you still want to call them that) who will survive are those who understand that risk is their friend, not their enemy. These professionals’ value is in the innovation that they enable in their environments by being a proactive part of business enablement. Essentially, good governance is good business and those professionals who understand this and are able to communicate this message to their boards and audit committees will be winners.
ISACA: What is the SoLoMo world?
Bhavesh: This is the new domain of technology that is surrounding us in every aspect of our personal and professional worlds. The boundaries between these two worlds are no longer definable. Companies that try to enforce these boundaries and individuals who draw black and white lines between these worlds will no longer be able to lead. The simple reason is that innovation happens in companies. It results in successful growth if people are at ease and they are efficient and they are empowered to go above and beyond their normal job descriptions.
The new SoLoMo world does exactly this in a turbocharged speed. SoLoMo in our technology and venture-capital world stands for social, local and mobile. These three themes are driving every successful organization that wants to thrive in the next decade.
- You must have the ability to connect with your customers and stakeholders across the entire spectrum of their needs—social connectedness enables this.
- Local is the next big theme, since everything we do now is very specialized, including business processes and the technology that makes things possible to be delivered completely customized for local markets in the most remote areas of the world.
- Mobile is a no-brainer. For all the hype around BYOD, that wave is not going to go away simply because it is more efficient to use the environments and devices on which you are more comfortable. More CEOs and CFOs own iPads (perhaps more than the IT departments would like), but that is the reality of the new SoLoMo world. The new governance professional has to adjust to it.
ISACA: Why can it be tricky to identify the governance forest among the trees?
Bhavesh: This is all about perspective. If your past 10 years were spent dealing with compliance fires, weak processes, departments that do not talk to each other and reactive execution, then it will be hard for you to understand the mega-themes that have overtaken the industry and its professionals. Leaders in our business are those in the next five to 10 years who will not only be able to see these big shifting global/professional/personal dynamics, but who will take advantage of these shifts to advance their own organizations’ missions and benefit, in return, professionally.
This is challenging because when I talk to boards and the field-level practitioners I often see a disconnect between strategic direction of companies and governance execution at the field level. As a result, most GRC professionals are focused on mundane, reactive and less-efficient processes that are short-term in nature. To effectively see the forest, one has to understand that governance is not just about IT or about business. It is about a bunch of activities that need to work like a gearwheel, making everything move forward smoothly. Technology and new innovations that are coming our way necessitate this shift in our governance paradigm—we need to encourage more GRC professionals to see the big picture (the forest) and bring this perspective to their leadership.
Want more? Join Bhavesh and dozens of other experts at the Governance, Risk and Control conference, co-hosted by ISACA and The IIA, taking place 19-21 August in Phoenix, Arizona. Learn more here.
Continue the conversation in the Governance of Enterprise IT community within ISACA’s Knowledge Center.