Technology Blogs by SAP
Learn how to extend and personalize SAP applications. Follow the SAP technology blog for insights into SAP BTP, ABAP, SAP Analytics Cloud, SAP HANA, and more.
Showing results for 
Search instead for 
Did you mean: 
Product and Topic Expert
Product and Topic Expert
These days, there are many webinars, whitepapers, and so on out there relating to Digital Transformation. And most of them refer to supply chain or finance. But what about governance, risk, and compliance?

In a blog I wrote in 2016 (What Will GRC Look Like in 2021? An Anticipation Scenario), I suggested a few potential scenarios. Some are now mainstream…but I have to admit that some are still a few years from full maturity. Interestingly, many other technological advances can already be leveraged to “transform” the way we do risk and control today. This doesn’t mean changing it completely, just making the best use of technology to support the process. Let’s take a look.

Big Data and Analytics

Big Data and analytics are the most mature technologies that GRC can leverage, in my opinion.

Instead of testing a sample of data for a control on a monthly basis, why not test ALL the data continuously? This helps ensure that nothing falls through the cracks and that no data has been altered since the last test for instance.

Similarly, being able to leverage the power of Big Data means that companies can run multiple risk scenarios and find the most likely outcome. Either to prevent it, if it is a threat, or enhance it, if it is an opportunity. And this power is also supported by analytics that enables rapid creation—and visualization—of the relevant information. Presented in a manner that suits each user and, of course, adapted to their needs.

Mobile—but Not Only

There was a time where convergence of user interface was key—the goal was to have the same look and feel on your laptop, tablet, or smartphone. But often this simply meant having a user interface and mobile app that resembled each other in design.

What has changed is that the user experience is now the same with a single entry point, whatever the device. Meaning no more apps to download and update whenever necessary—and often, when you most need to check a risk status. No more integration—the single source of truth is what you access.


Artificial Intelligence seems to be a buzz word, it’s true, but it actually includes facets that are leveraged by GRC today. Let’s take machine learning, for instance. Fraud detection can really leverage this technology to ensure that the software solution learns from previous decisions made by the fraud investigators, thereby reducing the number of false positive that are flagged in the future by automatically discarding the irrelevant ones. Predictive as well is a facet of artificial intelligence that can be used to run simulations and determine which approaches are the most effective in deterring anomalous and fraudulent activities.

Head to the Cloud

Last but not least—and this list if of course is not exhaustive—is the Cloud. It's not a new way of “doing GRC” per se, but a new way of “consuming” it. The Cloud enables businesses to be much more flexible and nimble in the way they adopt GRC solutions. They can really tailor it to their internal evolving organization by increasing or reducing the scope as they see fit, more rapidly than ever before.

Bottom Line

As you can read, most scenarios I had imagined for 2021 are not yet fully here. But others are mature and I would recommend investigating them. Governance, risk, and compliance is not just a tick-the-box exercise to ensure compliance. It is much more than that and can enable competitive advantage over other players in a market by reducing exposure and increasing opportunities encountered.

Similar to the way some organizations use IT to provide an edge in their supply chain practices or customer relationship approach, I firmly believe that tech can be leveraged to deliver what GRC has to be: a business tool.

What about you? Does your company already leverage some of these technologies to transform its GRC approach? I look forward to reading your thoughts and comments either on this blog or on Twitter @TFrenehard