Britehouse has deepened its already significant investment in acquiring the skills and technologies organisations need to take command of their governance, risk, and compliance (GRC) obligations and, in the process, turn their GRC into a strategic asset.
Initially founded on the SAP GRC solution, the practice is now vendor agnostic, providing comprehensive capabilities regardless of an organisation's existing technology landscape.
"Because most GRC activities are imposed from outside an organisation, usually through legislation, there is a tendency to think of the discipline of GRC as an executive and financial burden," says Leon Janse van Rensburg, head of the Britehouse GRC practice.
"In fact, if you approach it in a holistic way, GRC is an extremely effective way of streamlining your operations, affirming your organisation's integrity – thereby consolidating customer respect and loyalty – and achieving visibility across the organisation that will lead to greater operational agility. GRC can be a powerful base on which to build a smart organisation that deserves the trust of its stakeholders.
"GRC is not about following the rules. It's about doing better business."
One of the most immediate, tangible advantages conferred by a coherent approach to GRC is the ability to perform real-time fraud management rather than relying on post-fraud detective processes in which essential factors can be overlooked.
Janse van Rensburg says SAP-based organisations can achieve this position very quickly using SAP HANA's high-speed processing capabilities.
"Clearly, because Britehouse is SAP's most certified partner in Africa, we understand HANA to its core. Also, Britehouse has created a HANA enterprise platform. So, we can help organisations exploit HANA on-premises or via the platform.
"As a specialist GRC practice, we also have other GRC technologies that can produce the desired outcome for organisations that do not use SAP."
Reduced audit times, enabled primarily through the creation of a single source of GRC information, are another significant benefit of a strategically implemented GRC solution.
"GRC produces data about its assets and workflow that an organisation would not otherwise have and it puts that data in a place where it can easily be audited and reported on," Janse van Rensburg says. "This creates a significant saving on costs and resources."
While the desire for such specific outcomes often drives individual GRC solution purchases, Janse van Rensburg advises that a broader approach is needed if GRC is to become an asset rather than simply a cost centre.
"Every organisation is in a different place on the GRC maturity curve. So, the GRC stance your organisation needs will depend on your circumstances and the legislation that affects them.
"For instance, we consult for a large financial institution that had to reposition its processes in relation to the recent promulgation of the Protection of Private Information Act.
"In the mining sector, where we also have large clients, the GRC emphasis is currently focused more on the need, arising from job cuts, to provide a smaller number of employees with information needed to do more than the job. The requirement for segregation of duties makes managing this quite a complex governance task.
"Then there's the considerable issue of change management in direct relation to GRC. It usually has an enterprise-wide impact and is highly sensitive.
"The very broad range of issues organisations must confront on their GRC journey calls for a highly specialised bird's eye view that few have in-house. Which is why we've invested in experienced specialists who can offer an advisory and consultative service designed to help an organisation take the shortest, most cost-effective route to the desired outcome.
"Clearly, we are more than well placed to offer point solutions – such as access or process control – where they are urgently needed. However, GRC is not a once-off implementation. It evolves with the company and the legislative environment. So, we recommend that customers look at an integrated risk management model that will give them the comfort and assurance of knowing their systems and processes are always protected and that they have visibility around any potential threat that could lead to financial or reputational loss."