By John L. Guerra
GRC & Fraud Software Journal
MetricStream’s 2018 GRC Summit in Baltimore brought together governance, risk, compliance and regulatory leaders from various industries and market segments. The three-day summit covered the biggest issues facing GRC practitioners in banking, real estate, health care, and other business sectors.
Gaurav Kapoor, chief operating officer for MetricStream, spoke with GRC & Fraud Software Journal about the summit.
“We created a GRC summit where we could gain feedback from thought leaders and practitioners in the room,” Kapoor said. “It was intensive, with some 500 people representing 300 small to large companies representing a number of different industries – the main takeaway is that we’re all on the same journey.”
To set the stage for discussion, MetricStream announced its new tagline: “Perform with Integrity.”
“That mirrors the desire that companies have to raise performance while maintaining integrity in several aspects of the GRC model.”
According to Kapoor, companies both large and small worry about maintaining not only the integrity of their data, but their company’s integrity in the eyes of their customers who too often find they can’t trust companies to protect their personal data. Top executives at Uber, Facebook, Wells Fargo, and other companies have been summoned before Congressional hearings to answer for misuse of customer data.
“For the last two years, there have been huge breaches of trust when it comes to high-performing companies and major banks,” he said. “Companies are ensuring their GRC platforms are built for performance and integrity, and that’s in addition to preventing bribery, money laundering and other ethical problems. For the companies at our summit, maintaining the trust of their customers topped the list.”
The largest companies at the MetricStream summit said they designed GRC systems that would control ethical standards, prevent data breaches and enable them to report problems quickly to customers when they occur, Kapoor said.
“A large retailer in Sweden said their primary GRC strategy is to align systems that build trust with customers,” Kapoor said. “If there is a breach, how do we deal with customers? How do you write GRC to reflect ‘Tone at the Top?’ When your platform lets you document what kind of policies you need or have in place, you can accomplish these controls.”
At one point, the moderator asked for the attendees to stand and sit back down when the moderator hit their chief concern.
“At change and change management, most sat down,” Kapoor said. “Companies have been faced with so much change, that they are looking for the ability to adapt quickly to concerns and write it into GRC applications. For instance Crypto is an issue nobody knows how to handle. Companies are exposed to more risk like that because things are a lot more digital.”