Carole Switzer is the cofounder and president of the Open Compliance & Ethics Group (OCEG), a global nonprofit think tank and online community of more than 50,000 individuals in more than 70 countries. OCEG provides standards, guidelines and online resources to help organizations achieve Principled Performance. She is a recognized leader in the concept of integrated governance, risk management, and compliance (GRC) and is a principal author of the open source OCEG Red Book GRC Capability Model.
Christopher P. Skroupa: With the vast amount of information available today, how can you identify and categorize the data in order to make strategic governance decisions?
Carole Switzer: We are definitely living in an era of information overload; the velocity of data growth is overwhelming. Recently, the author Alvin Toffler passed away, prompting me to reread his classic 1970 book, “Future Shock.” His main premise — remember this was long before everyone had desktop computers, let alone powerful hand held devices—was that change was happening so rapidly and information was becoming so voluminous that people wouldn’t be able to handle it emotionally and society would suffer if steps weren’t taken to better prepare for change.
It’s difficult to even fathom the increased velocity of information change today as compared to that in 1970. Toffler couldn’t have even imagined it. Luckily, as we enter the era of information overload, technological change has also increased at an almost unbelievable rate.
Manual methods such as spreadsheets are simply impossible to manage and analyze. The information within an organization (let alone the vast amounts of relevant information outside of the organization) is boundless. However, innovative technologies can consolidate, classify, sort and analyze the information, even if the data is unstructured. New systems with cognitive capabilities have the ability to compute native language, tone, and patterns in the data. These technological changes can serve as the antidote for any future shock syndrome.
These capabilities provide an integrated understanding of information that is significant for business strategy. Today we are able to identify underlying risks before they arise. We can determine the effects of new or proposed regulatory requirements while continuously monitoring our actions. The goal of any organization today is to be able to reliably achieve its objectives while addressing uncertainty and acting with integrity – what my organization, OCEG, calls Principled Performance. The governance, risk management and compliance (GRC) capabilities of any organization depend on effective management and use of information. We outline those capabilities in great detail in the GRC Capability Model, an open source set of GRC standards that OCEG publishes.
Skroupa: Is Principled Performance a “next generation” concept or is it something that companies are embracing today?
Switzer: There is a real interest in the concept of Principled Performance, even if other terms are used to describe this strategy. This method strives to reliably achieve objectives, while addressing uncertainty and acting with integrity. More organizations, of all types and sizes, are striving to get ahead of risk rather than playing catch up. Despite (and in some ways because of) the pace and influence of change, we are advancing toward a postmodern business model of understanding. We must have the right capabilities in place to grasp these opportunities, without the unwarranted risk or sacrificing integrity. We must be able to quickly move from data to decisions. Therefore, our GRC capabilities must evolve to keep up.
Skroupa: What is the post-modern business, and how is it different from next generation thinking?
Switzer: I use the term “postmodern” instead of “next generation” to emphasize that we have reached a point of critical change, a hard turn if you will. A gradual evolution is no longer sufficient. In my opinion, next generation implies minor adjustments and a few updated compatible features. However, the postmodern business model is a revolutionary way of seeing things, similar to the postmodern architectural style following the mid-century. It represents a groundbreaking creative movement, not simply a refinement of prior approaches. These innovative technologies support business performance, risk management and compliance. The goal has shifted from “think outside the box” to “do away with the box entirely.”
Skroupa: What is driving this shift in business practices?
Switzer: It’s a confluence of things, both large and small. Accessibility of big data information and the cognitive capability of new technologies that can act as an advisor to the business are significant factors. We are also driven by the need to innovate better, faster and more adeptly than both competitors and the criminals engaged in cyber-attacks. Today, GRC platform solutions are available; they allow businesses to connect previously disparate parts of their organization. Now data can be collectively shared from many sources; with different access, views, and reports for different needs. Business leaders have seen the need for change for quite some time, particularly in light of past risk failures. Now they see the opportunity, that change is actually available and achievable.
Skroupa: How can these opportunities lead to a successful business?
Switzer: It all comes down to the advantage of feeling confident that your business can overcome future threats and integrate new opportunities. Strategic plans might change in response to that knowledge; this cannot be overstated. Technologies can consolidate information in the native language, doing away with the need to re-organize and categorize millions of data points. This is a game changer. Today, it is possible to build a postmodern business with insight, intelligence, and integrity.
Christopher P. Skroupa is the founder and CEO of Skytop Strategies, a global organizer of conferences.