Governance, risk management, and compliance

Trend 7: Organizations increasingly adopt unified control frameworks to strengthen compliance and optimize costs

Globally, regulatory/compliance landscape evolves, expands, and becomes more stringent, while risk prioritization and cost-benefit analyses grow more complex. Organizations spanning sectors, functions, and geographies face this issue due to larger scale and complexity.

Organizations need common control frameworks and stringent enforcement and monitoring of controls for better compliance and cost optimization. An optimal, business-aligned common control framework enhances synergies across compliance programs, offers an integrated view, and boosts efficiency. Consistent processes, automation at various levels (control implementation, control testing, and evidence collection), including configuring GRC platform native features, workflow customization, and RPA and AI-driven bots, strengthen the framework.

An American multinational tobacco company collaborated with Infosys to establish a common control framework and control testing (design and effectiveness). The firm used a structured audit schedule to conduct control tests at different intervals (monthly, quarterly, annually) and coordinate tasks with the GRC tool. This enhanced customer visibility, ensured continuous control assurance, improved SOX compliance, and drove efficiencies, resulting in cost savings.

Governance, risk management, and compliance

Trend 8: AI/ML and integrated and quantitative approaches help manage third-party risks

Increasing third-party incidents, a growing threat landscape (especially post-pandemic), and the ever-changing supply chain environment necessitate monitoring of and adherence to cybersecurity compliance in the supply chain. Robust tiering methodologies, tools, and automation improve operational/cost efficiencies and enhance integrated view. Integrated risk management also gains traction for better business alignment and maximum stakeholder value through improved integrated real-time quantitative risk visibility (and reporting) across functions (including supplier risks and outside-in threat intelligence). This helps in informed decision-making, such as prioritization of interventions and investments, including M&A initiatives.

Traditional vendor risk assessments fall short to address emerging risks. AI/ML and digital GRC methods boost digitization within the company and among suppliers. A comprehensive, dynamic quantitative risk assessment, encompassing people, processes, and technologies, combined with inside-out and outside-in digital footprint evaluations, ongoing real-time monitoring, and full 360° visibility, effectively handle third-party risks

A leading US healthcare provider wanted data-backed, continuous visibility on risk posture, covering internal and third-party environments, with a focus on PHI-related systems. Infosys helped it implement the SAFE security partner solution to quantify breach likelihood scores (and trends) across people, policies, technologies, cyber products, and third parties. This optimized security risks through prioritized remediation from proactive and predictive analytics of aggregated vulnerabilities and external threat intelligence.