/dq/media/agency_attachments/UPxQAOdkwhCk8EYzqyvs.png)
Follow Us
BCCI and
sounds familiar, well it has to be considering that these three
words have dominated the Indian media for sometime now. But are you
also aware that the recent controversy surrounding IPL and BCCI finds
resonance in
Risk & Compliance (GRC). With both parties issuing allegations
and counter allegations of corruption and bungling of funds, once the
case is dragged to courts both sides will have to furnish details of
IPL franchisees, bidding process norms etc.
Two years back India Inc was shaken out of its reverie when a globally
recognized brand like Satyam was found to be involved in a
multi-million scam that resulted in Governance, Risk and Compliance
(GRC) initiatives finally getting their due. And the global financial
turmoil certainly has made the case stronger for GRC adoption in
India.Â
The GRC market in India continued to grow in 2009 and with less than 30
percent penetration, the market is nowhere near saturation. The
Forrester Research Report quotes that the GRC technology industry
comprising of software, consulting and related services is currently
growing at 24% year on year and is slated to grow from $2.6 bn in 2009
to over $24 bn in the next five years, says
Sharma, Head-Business User & Platform, SAP Indian Subcontinent.
Kalyan Kumar, Associate Vice President and Worldwide Head, Cross
Functional Services, HCL Technologies- Infrastructure Services Division
quotes another research report by AMR that suggests that US alone will
be spending $30B on GRC activities. While the driver for USA is
regulations, the European market is primarily focused on the process
side of GRC, Kumar adds.
Key drivers
Across the world, scams are nothing new to businesses. There have been
instances in the past surrounding global giants like Enron, Goldman
Sachs and in the Indian scenario
where the management has managed to hoodwink the regulators. While
the regulators have always existed, what makes things different now is
that the guidelines and penalties have now become more stringent with
no place for errors or slippage. Organizations that were operating in
reactive mode earlier, are working in anticipating a model at present
and as time progresses the need will shift to the orchestrating mode.
As expectations from regulators and business partners have continued
to grow over the last few years, Indian companies are trying to develop
consistent method of compliance tracking and reporting. Moreover, the
foreign regulations (like HIPAA, DPA, SEC) too have expanded their
provisioning to the outsourcing service providers hence the market for
GRC in India has overhauled, opines Kumar of HCL Technologies. Â
For economies like India where outsourcing contributes a major chunk to
IT industry business, the GRC focus will primarily be driven by
information security and quality. However GRC is not a segregated
market in India instead it is integrated with other software products
such as
intelligence, BPM & ERP.
Â
The stakeholders today demand effective governance, including
enterprise risk management, transparency, accountability, and optimized
performance to ensure they receive risk free sustainable results. At
the same time, globally integrated markets are imposing increasing
volumes of regulations.
Says PK Gupta, Director and Chief Architect, BRS Practice APJ, EMC as
India moves from a paper-based economy to Knowledge and Information
economy, one of GRCs primary feature, the e-discovery is gaining
traction. Gone are the days when it would have taken years for a
corporate judgment to be passed with both parties being given adequate
time to present documents and files. With around 90-95 % of information
being stored in digital format, e-discovery is becoming a key focus
area for corporate laying stress on putting in place right processes
and making the right people accountable.Â
In short, the GRC market in India is gaining traction on four counts-
statutory & regulatory drivers including international regulations;
financial & legal drivers involving contractual bindings, S&P
credit ratings; operational drivers that includes competitive
pressures, process efficiency and optimization and finally governance
drivers involves transparency to stakeholders and improved
accountability.Â
All the key drivers listed above require organizations to move towards
an integrated approach to manage GRC which should not only be linked to
conformance/compliance responsibilities but also to performance
objectives.
Leading from the Front
As growing number of Indian players set up offices overseas, adherence
to global regulations is gradually but surely becoming the norm with no
vertical being left in isolation and therefore GRC initiatives have not
been confined to a specific industry vertical.
No prizes for guessing that Banking, Financial and Insurance service
industry is the front runners when it comes to GRC adoption simply
because of the strict government regulatory norms the sector has to
adhere to.
Following suit is the Indian ITeS (read the BPO industry) sector for
which compliance to global norms has become a pre-requisite. The same
can be said about public listed companies which are very active in
compliance and regulations. The main reason for GRC adoption has been
the increased regulatory oversight in India and investors expectations
for good governance.
The GRC domain has expanded its wings for Healthcare, Life Sciences,
Energy & Utilities and Manufacturing.Â
Other than the above mentioned verticals some of the major domains that
are adopting GRC include financial, healthcare, manufacturing, telecom,
public sector, energy and retail. Energy as a sector is kicked about
GRC since a lot of traction is happening in renewable energy,
energy and bio-fuel sector. Particularly in the energy sector, it
is increasingly becoming critical to maintain all records ensuring
compliance to norms and putting in place governance since otherwise a
lot of patent credit issues crop up where it becomes imperative to
present proof of discovery, says Gupta of EMC.
Kumar of HCL Technologies believes that the primary reason why GRC
solution deployment has grown irrespective of the verticals is the
growing awareness amongst enterprises on the potential risk and
compliance issue. The Governance, Risk, and Compliance (GRC) market is
gaining significant momentum leading to an enterprise-wide view of the
risks associated with all lines of business and geographies.
Major Players
With GRC as a market gathering momentum, almost all major vendors have
joined the race including HP, IBM, SAP, HCL Technologies, Oracle &
Accenture. Currently the ERP vendors are investing heavily in GRC
while existing software solutions are expanding to new modules
enveloping SoX, internal audit, compliance risk management and IT as a
whole, says Sharma of SAP which was placed in the Leaders Quadrant
with the highest ability to execute in the recent Magic Quadrant for
March 2010 in the area of Continuous Controls Monitoring.
SAPs customer list includes names like Vodafone India Services Pvt
Ltd, Sterlite Industries India Ltd, Tata Teleservices Ltd, Kansai
Nerolac Paints Ltd, Sesa Goa Limited and Delhi Transco Limited.
Elaborating more on their market strategy Sharma adds that, in order
to help customers have the clarity and confidence required to manage
risk effectively throughout their business processes and IT
environments, we are cooperating closely with key partners on
integrated GRC offerings. Through these offerings, customers can
increase visibility across risk and compliance initiatives, promote
cost efficiencies and help manage risk across the enterprise.
On the other hand HCL Technologiess GRC methodologies are focused on
the what and how dimensions of major global compliances impacting
customers. The vendor has ensured a close integration of GRC with the
business intelligence, process re-engineering, enterprise applications
and infrastructure services thereby covering the complete gamut of risk
and compliance services.
One of the prime markets for HCL GRC services would be its
infrastructure customers. GRC offering in HCL are closely aligned to
the Cross Functional Services within the infrastructure division. The
GRC advisory & automation services are primary for all
infrastructure outsourcing deals. In addition HCL also intends to offer
GRC as managed services over its renowned MTaaS (Management Tool as a
Service) for reducing the maintenance and total cost of ownership for
GRC solution, says Kumar.
Crystal Ball
With the global markets having undergone turmoil in recent times thanks
to recession, the GRC solution market is growing at an unprecedented
rate. And whats most surprising is that enterprises across the
spectrum have understood the relevance of Governance risk and
compliance and do not look at it as another extra expenditure. The
market has potential to pick up the growth of these solutions help in
risk-based controls embedded in a wider range of business process
areas. Â
In a box:
Factors driving GRC adoption in India
- Increasing focus on Enterprise Wide Risk Management framework
- Risk Based approach to Planning and Executing Audit &
Assurance activities - Streamlining Access Management (Segregation of Duties ),
Security, Document Management, Data Quality, Master Data Management
etc. were seen as the key areas of focus - Regulatory intervention in role of Independent Directors
- Companies Audit Report Order to be redesigned to make Directors
responsible for Enterprise wide Risk Design & Auditors to be made
responsible to certify the same for its effectiveness - Continuous Monitoring Tools will be a major focus area going
ahead in 2010.