Risk and compliance executives expect real benefits from digital technology but many firms face challenges in moving towards the future, according to a report on governance, risk and compliance (GRC) by Thomson Reuters and Celent.

The report – Achieving Integrated GRC In An Interconnected Digital Age – examines the challenges facing risk and compliance executives and found that technologies such as big data, artificial intelligence (AI), machine learning and distributed ledger technology (blockchain) are expected to bring measurable increases in efficiency to risk management operations. Risk operations are not, however, finding the adoption of digital technologies straightforward; some are having trouble developing agile capabilities and continue to be hampered by inflexible technology, said the report.

The report, based on interviews with risk and compliance executives, established a wish-list of requirements for a fit-for-purpose, integrated risk ecosystem in five key areas:

1. Information & data congruence

Applications employed to capture and report information for various risk assessments and controls management activities, such as risk control self-assessments (RCSAs), key risk indicators (KRIs), risk appetite parameters and loss events. These should be connected, aligned and congruent with a firm’s taxonomy and framework.

2. Adaptability

Flexible, business-user centric capabilities to respond to evolving requirements, without the need for protracted cycles of IT development, coding and testing.

3. Rich visualization, usability and collaboration

Next-generation platforms should possess the ability to quickly analyse, chart and exchange operational and risk- related insights based on modern and intuitive user interfaces.

4. Dynamic, event-centric and timely

Ability to support multiple modes of operation, including triggering by events and operating in near-real time in order to monitor and report on the state of affairs in a firm’s risk profile in a dynamic manner.

5. Open and seamless co-existence

Platform should be open and extensible enough to connect and co-exist with other non-risk IT applications (HR, sales, security) using modular, flexible interfacing mechanisms.