Working for a Purpose in the GRC Market

Today it was announced that I’m joining Aravo Solutions as Chief Marketing Officer. I’m delighted to be joining such a dedicated team—a team that cares about their customers and about the wider causes they are supporting through Aravo’s industry-leading technology and services.

If you haven’t seen it,  I highly recommend a great video by Simon Sinek that explains how the ‘why’ of something—the purpose of a product or service—turns out to be the central driver for buying decisions. “People don’t buy what you do or how you do it,” Sinek tells us. “They buy why you do it.”

Why you do it. The “you” here refers to both organizations themselves and the individuals who make up organizations.

Why do you get out of bed in the morning? What larger, meaningful purpose are we contributing to in your daily work?


Why do you get out of bed in the morning? What larger, meaningful purpose are we contributing to in your daily work?

One of the reasons I have always enjoyed working in the Governance, Risk, and Compliance (GRC) space is that there’s a bigger purpose that is unmistakably important and life-changing. GRC professionals play an important role in the fight against corruption and social injustice such as slavery and human trafficking. Helping global organizations combat these evils while simultaneously improving their third-party monitoring and operational efficiency provides GRC professionals like myself with a very satisfying “why.”

Regulations and Grass-Roots Initiatives as Drivers

The “why” of GRC is compelling to governments and international consortiums, too. Witness the growing list of laws and regulations seeking to eliminate this maleficence from business conduct and supply chains:

Consumers are forming their own groundswell of support for combatting these ills and promoting ethical practices in agriculture, manufacturing, and commerce. They are leveraging the power of social media, and they are finding allies in advocacy groups world-wide that are ready to target businesses accused of violating anti-slavery/trafficking and anti-corruption laws.

The High Costs of GRC Risks

No business wants to be associated with these practices. But corruption, sustainability, and slavery risks can be difficult to ferret out. In complex supply chains or relationships with remote third parties, detecting and stopping illicit practices can be difficult.

For this reason—as well as for reasons of data security and data privacy—third parties (including suppliers, distributors, franchises and joint venture partners) present a significant risk for today’s complex, global enterprises.

A recent study by Deloitte  found that 87% of company respondents had suffered a disruptive incident associated with third parties in the past 2-3 years.

  • 26.2% had suffered reputational damage arising from third party relationships
  • 23% ended up being non-compliant with regulatory requirements
  • 8.7% of these were facing a fine or financial penalty

Those fines and financial penalties can be costly. Deloitte estimates that the failure by large multinational businesses to appropriately identify and manage third parties can lead to fines and other revenue losses in the range of US $2-50 million, while action under global legislation can reach as high as $1 billion.

From “Why” to “How”: Putting Third-Party Risk Management in Practice

To reduce these risks and gain better visibility into third party networks and supply chains, organizations need to solve several problems at once:

  • Data
    Whatever else it is, third party risk management is a data problem. To screen and monitor third parties and supplies chains, organizations need timely and accurate data about third party policies, business practices, status, and risks. It only makes sense, then, for organizations and solution providers to use state-of-the-art technologies and techniques for data collection and data analysis as part of their third-party risk management solutions.
  • Operations
    Every organization is different, and those differences can be profound when multinational corporations have operations spanning the globe and serving hundreds or even thousands of distinct local markets. Third party risk management solutions must be flexible enough to accommodate any organization’s day-to-day processes, corporate structure, and business policies and priorities.
  • Regulatory Agility
    Once an organization implements a third party risk management solution, it needs to be able to modify that solution easily to keep up with changing regulations and guidelines. Regulations, as we noted above, are multiplying, and regulatory complexity is increasing. Organizations need a solution they can easily adapt to whatever new regulations come to apply in their industries and markets.

One of the reasons I joined Aravo is that I feel that the Aravo Enterprise solution for addressing the “why” of the GRC market also addresses the “how” challenges in a uniquely powerful and compelling way. The Aravo SaaS solution is a fast, flexible data analysis platform that helps Global 2000 companies reduce third-party risks and improve visibility into third-party relationships.

You can learn more about the Aravo solution here.

What do you find most compelling about the GRC market? Please leave a comment below and join the conversation.

Topics: grc