Part 2. Why You Shouldn't Ignore Customisation
Put simply it is essential that your GRC System reflects your business’ needs. Your system needs to work for you like a member of the team. If not, your system stops supporting your risk and compliance activities and becomes an administrative burden, just like a legacy system. At the very least; layout, ordering, editing existing fields and adding or removing should be customisable by business users (not just IT).
No business operates in isolation and a number of everyday occurrences can affect your risk management needs:
1) Mergers and acquisitions could mean additional business units that need access to your system, each with potentially different risk scoring schemes.
2) A change in leadership or staff means changes to the number of people who need their own login details each with the appropriate level of access.
3) New regulation or regulatory changes stipulate the amount and type of data that needs to be collated and monitored and how often.
4) Stakeholder and client requests shape the data that needs to be reported on a periodic or ad-hoc basis.
5) Change management: If your organisation is in the process of updating their procedures, or is using other complementary systems, customisation and third-party software integration can help avoid temporary or makeshift fixes.
Want to find out more?
Do you agree? Share your experiences below...