- SAP Managed Tags
“Governance, Risk, and Compliance is not for us, we’re a mid-size company and these topics are only for large and international groups”. if I was given a penny every time someone said this, then I would be a millionaire! And much like Jason and his Golden Fleece it is a myth.
Companies of all sizes face risks, and companies of all sizes must comply with regulatory frameworks.
But a risk always has two facets: the potential negative outcome of course, and the potential upside.
In this blog, I therefore decided to look at both and highlight how GRC can help mid-size companies achieve their objectives and thrive in a complex business landscape.
Main Priorities for Small and Midsize Businesses
To be able to identify how GRC can be a value-add activity, the first order of business is to understand main priorities for executives in these companies.
Based on 40+ studies and reports from various regions, a summary picture is as follows:
As the saying goes: clear as mud, right? So, let’s apply some analytics to this picture and group the priorities alongside 2 buckets: top challenges that SMEs need to address and top opportunities that they can leverage.
Focus on top 5 challenges for SMBs
Governance, Risk, and Compliance is not a magic wand, so won’t solve all the issues of course. But it can help mitigate some of these challenges:
Digitization and Technology
| Digital transformation: by “safeguarding” the digitalised landscape with embedded IT application controls, and identity and access management to ensure compliant access Poor use of technology: by detecting and deterring cyber-attacks, but also by enforcing data sovereignty and residency requirements |
Funding
 | Funding the business: by implementing IPO requirements Seeking funding from investors: by providing investors assurance on financial reports |
Rising (operating) Costs 
| Increase in ongoing costs: by improving operational efficiency (e.g. optimal operating cycle), and identifying invoice & inventory discrepancies Managing taxes (incl. filing): by automating tax reporting and filing Tracking expenses: by identifying payment anomalies (e.g. duplicate claims & other fraud, expense claims outside of policy) |
Sales and Revenue 
| Attracting new customers: by screening potential customers effortlessly to ensure that no business is performed with sanctioned parties Client dependence: by risk assessing customers to reduce dependencies and improve reliability Converting leads: by protecting sensitive customer data |
Talent Shortage and Staffing  | Recruiting talented staff: by ensuring that localization of contracts is correctly performed for onboarding Churn and instability: by promoting (and enforcing) ethical behaviour Retaining employees: with ease of onboarding users to core systems and safe remote working Employee productivity: with rapid and compliant user access provisioning, and by providing self-service password and access request Remote workforce: by simplifying and securing logon to source systems |
Focus on top 5 opportunities
But it’s not all about managing the lurking threats. As all successful businesses know, it’s about leveraging the opportunities when they present themselves, and enhancing chances of success.
Let’s change our lens and focus on these upsides instead:
Here again, to be able to provide actionable suggestions, let’s break it down:
Digitization and Technology  | Improving online presence: by implementing data sovereignty and residency requirements, detecting and deterring cyber-attacks, and ultimately protecting sensitive data from misuse and malicious access |
Key Talent Staffing 
| Attracting key talent but also Diversity, equity and inclusion: with evidence of ethical behaviour and diversity, and no greenwashing especially when it comes to child or forced labour Personalized HR outreach: with relevant localization of contracts to ensure applicability in relevant geographies
|
Reducing (operating) Costs  | Cutting costs: by proactively detecting payment anomalies (duplicate invoices or fraudulent activities) |
Sales and Revenue 
| Create new revenue streams: by screening potential customers effortlessly to avoid high-risk businesses, individuals, and entities and more quickly confirming business parties Converting leads to customers: by protecting sensitive customer data so protecting the company’s reputation |
Scaling and Expanding  | Relocate or enter new markets: by screening business partners to avoid high-risk businesses, individuals, and entities and more quickly confirming business parties Expand internationally: by automating tasks for international trade management and reacting more rapidly to changing trade dynamics (including tariff changes) |
Why now?
These challenges and opportunities of course aren’t exclusively relevant to small and medium organizations. But their top ranking reflects what business owners have rated their most pressing matters. Nevertheless, most companies would have very similar topics on their management agenda and GRC can act as a business enabler – not just a compliance exercise:
Digitization and Technology | Funding | Operating Costs | Sales and Revenue | Talent and Staffing | Scaling and Expanding |
• Digitized & integrated controls & security checks, and identity management • Protect sensitive data from misuse and malicious access • Detect and deter cyber-attack, enforce data sovereignty and residency requirements | • Implement IPO compliance requirements • Provide investors assurance on financial reports | • Improve operational efficiency, and identify invoice & inventory discrepancies • Automate tax reporting and filing • Identify payment anomalies | • Screen potential customers effortlessly • Protect sensitive customer data | • Protect brand with evidence of ethical behavior • Safe remote working • Rapid and compliant user access provisioning, self-service password and access request, and secure logon to multiple systems | • Screen business partners to avoid high-risk businesses, individuals, and entities • Automate tasks for international trade management and compliance |
And, even if there is no better time than the present, allow me to share a few insights from experts on why now is really a good time to start:
What about you, does this resonate with the top priorities for your company?
If you are interested in learning more about SAP solutions for Governance, Risk, and Compliance, feel free to fill-in the demo request form!
| User | Count |
|---|---|
| 3 | |
| 2 | |
| 2 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 |
