In a recent interview I was asked, “what is mobile GRC, and how does it help?”
Afterwards, I realized that I had underestimated the potential impact of mobility on governance, risk, and compliance.
Years ago, Marshall McLuhan, an early prophet of the electronic age, coined the phrase “the medium is the message.” Many scholars have attempted to interpret this rather enigmatic phrase. My view is that the interpretation is simple and the implications profound.
The attributes and many of the benefits of mobile technologies in GRC are obvious. Information in the form of reports is now delivered to us on mobile devices, when once we relied on hard copy or computer screens.
Likewise, actions, decisions, and approvals that once were carried out manually or on paper are now completed instantly with the push of a button from a mobile device.
But benefits like these aren’t the only result of the rise in mobile technology. In almost every area where mobile’s been introduced, dramatic and unintended impacts have soon occurred. The world of GRC is no exception. Here are some examples to consider from opposite ends of the GRC spectrum.
Will Internal Audit Survive Mobility?
A major work product of internal auditors is the internal audit report. These reports are often lengthy, complex, and technical. Internal auditors spend a significant amount of time writing, reviewing, and rewriting. By the time the reports are issued, it’s often “old news” or no news at all. The “meat” of the report is usually an audit opinion accompanied by findings and recommendations.
One way for an internal audit department to embrace mobility is to push the report to the mobile devices of executives. But executives with mobile devices simply won’t read them in their traditional form. Mobile devices, as the medium, have forced changes in the messages.
Complex, text-heavy, out-of-date reports won’t be read by people who’ve fully embraced mobility. Authors of internal audit reports will need to adapt to survive. I predict color-coded maps with drill down capability to list issues and track recommendations. Audit “opinions” will be displaced by facts.
If traditional internal audit reports are rendered obsolete by mobile technologies, what will become of internal auditors who fail to adapt?
Will Mobility Blur the Line Between Governance and Management?
The medium change will affect changes for management as well. Mobile technologies are changing both how boards of directors receive information and what information they receive. Today, many directors are sitting around the boardroom table with tablets— and information that doesn’t fit on the screen simply isn’t read.
Gone are the days when directors are satisfied reading binders full of reports and documents, accessing web portals to soft copies, or scrolling through .pdf files. Managers won’t tolerate documents that can’t be easily navigated. They want interactive, searchable, and graphical reports and documents. In reality, they need access to the underlying systems that produce the reports and documents they now receive. Mobile devices will provide boards with direct access in real time to underlying ERP systems and reports.
Mobility Will Transform GRC Practices and Standards
As mobile devices force GRC professionals to change and adapt their outputs, changes in professional practices and standards will be required. The affects will be dramatic and far reaching.
As McLuhan predicted, changes in the medium will force changes in how GRC is managed. We can’t clearly foresee all the ramifications of this culture shift to mobility, but we can be sure not to underestimate them.
How is mobile technology changing GRC practices in your company? What GRC information is now made available via mobile devices? How has it changed your business?
If this topic interests you, check out the other blogs in the Myths in Risk Management series.