Revisiting 2020: the IRM/GRC debate, and dealing with data


By Riaan Bekker, Force Solutions Manager, thryve


As I take a look at my blogs for 2020, I’m struck with where I started. My first blog for the year looked at the opportunity in crisis, and yet it doesn’t contain the words’ COVID’ or ‘pandemic’ (Why crisis also means opportunity). That was just before we realised the major problem we would face in the year and that the meaning of ‘crisis’ would reach a whole different level. Yet it’s also a reminder to me that the world was not exactly a stable utopia before the pandemic.

The difference is that we’ve now experienced a clear example of existential risk and uncertainty that sits outside of our control. My first blog was timely because there was little need to drum that topic much more. Instead, companies required strategies they could work with, which is why my colleagues and I tackled subjects such as improving customer relationships (Know your customer, regardless of your business’ size) and accelerating digital transformation (Get back on the digital transformation trend and see real ROI fast).

A significant chunk of the blogs would relate to data analytics. For several years, we’ve been told how data is the new oil or gold. Then the pandemic’s uncertainty brought home that if you need answers, data is where to find them (Three steps to using your business data). Data analytics can help reduce risk and improve operations as well as customer loyalty (Using analytics to reduce customer churn).

Deploying analytics can be relatively simple through cloud platforms, though the speed of adoption left many heads spinning. So, some of our narrative at thryve sought to help demystify analytics choices around the cloud (Analytics on tap: leveraging the cloud for data intelligence).

There is no doubt that cloud services were among 2020’s big winners. They can realise capabilities faster for companies, and have been invaluable for remote working employees. Thus, knowing the risks of cloud was half the battle, and how to break those old habits that can hold back analytics cultures (How to start harvesting data from spreadsheets).

The risks and uncertainties of 2020 also raised the stakes for risk management, and the growing debate between Governance, Risk and Compliance (GRC) and Integrated Risk Management (IRM) became much louder. It culminated with Micheal Rasmussen – the analyst who coined ‘GRC’ – taking analysts to task. He accused them of intentionally causing division between the two definitions for the sake of their marketing and not real-world concerns (Rasmussen on choosing enterprise-grade GRC/IRMS). Rasmussen sees IRM and GRC as effectively the same thing, a definition I agree with.

In fact, the difference between them is moot. What matters are the capabilities that integrated risk brings to an organisation. This concept, as well as strategic risk, attracted many new converts in 2020, for obvious reasons. So it was very timely that Riskonnect, the risk management application thryve supports and provides to our customers, acquired Xactium, a specialist GRC/IRM company (What Riskonnect’s Xactium acquisition means for the GRC/IRM world). The dramatic changes of the year also brought demand for better and more agile financial management (Introducing Salesforce Financial Services Cloud).

What will 2021 bring? To quote the Travelling Wilburys, maybe a diamond ring? But if this year taught us anything, it’s to not assume the best without preparing for the worst. Fortunately, many of our customers took heed of 2020’s challenges and are invested in digital solutions that will keep them prepared.