The paradigm shift continues: Understanding cognitive GRC

Dr. Heather Buker

October 5, 2022

Governance, Risk Management, and Compliance, or GRC as it is commonly known, is a term coined almost 20 years ago by research analyst firm Forrester. Yet, until recently, organisations have struggled with implementing GRC software.

With cognitive GRC being talked about a lot in #RegTech circles, does it hold the solution for organisations?

Managing risks and complying with regulations is something that all organisations have been doing at some level for decades. Even before the formal term ‘GRC’ became popular, companies were carrying out risk management activities, either to strengthen themselves against different risks or to meet regulatory compliance obligations.

Over the years, these activities have become increasingly complex, leaving many organisations with spreadsheets and Word documents in shared folders, while some use GRC software. But the fact remains that implementing GRC software has been really hard for most of these organisations.

The GRC goalposts keep changing

Even though GRC technology has come a long way, the challenges and complexities continue. Implementing GRC is already complex enough. But when you add variables such as digital transformation, business changes, evolving threats, and changing regulations, the problem becomes staggeringly complex. Add to this the fact that organisations simply don’t have enough people to manage their GRC programs effectively - good people are increasingly hard to find.

When you bring spreadsheets in shared folders to combat this complexity, it’s nothing short of a disaster. Spreadsheets not only fall short of navigating the complex GRC space, but they can cause more harm than good. GRC software seems like a good bet in such cases. But most of these software solutions on the market leave much to be desired because they are not built to keep up with the changes in the market, particularly in relation to domains like cybersecurity and ESG.

There are new regulations every day and multiple standards to comply with. Once you prove compliance, there’s also the significant effort that goes into maintaining it. Business processes keep changing, too, especially with the new hybrid and remote work models.

And of course, the real risks – the threats to information and infrastructure – also keep evolving. Cybersecurity attacks continue to get more sophisticated and more damaging to business continuity and reputations. Other risks, such as geopolitical and health & safety risks, are also enough to keep organisations grappling with changes to risk management requirements.

Add to this problem the issues with the labour market. Organisations simply don’t have enough people to manage their GRC programs effectively. Also, since most organisations exhaust their resources in ‘GRC management’, risk management gets side-tracked.

The result is that even as we try to catch up with all the complexities and challenges, the GRC goalposts keep changing with efficient GRC just out of reach.

Cognitive GRC – the technology transformation we all need

Given these challenges, the obvious step is to turn towards technology to help automate manual processes and free up people to make better decisions. Automation, artificial intelligence, and machine learning are technologies that are not just important but critical for GRC software.

Traditionally, GRC implementation has been a largely manual process. Considering the changing GRC environment and multiple standards to manage compliance with, GRC implementation is quite complex. Many assumed that navigating complex processes would always need manual intervention. After all, there are elements that need to be manually interpreted and contextualised for GRC implementation.

Cognitive GRC changes that. It leverages technologies such as artificial intelligence (AI), machine learning (ML), natural language processing (NLP), and predictive analysis to completely transform GRC implementation. Cognitive technologies come closest to human behaviour and solve complex problems. Cognitive GRC takes into account the real-time environment, context, and intent before making decisions related to GRC.

How is cognitive GRC a game changer?

It is said that if you print the UK’s FCA rulebook, you could stack the papers into a pile six feet tall. The other regulations are also no better and they keep getting longer and more complex with time. While it could take a person years to go over all the regulations you need to consider, cognitive GRC software can go through them in less than a minute. It can also sort, categorise, map, and link the requirements with great accuracy.

These AI-based solutions also keep track of regulatory changes for you. They scan the laws, news, statutes, analysis, and regulations to highlight regulatory risks that need to be addressed.

Just imagine the amount of time and effort saved! And that’s not even all of what cognitive GRC can do.

By automating GRC activities like assessments, reporting, policy management, etc., you have a solution that is agile, scalable, fast, accurate, and efficient.

6clicks for GRC

The problem with GRC implementation until now has been that we were trying to solve new problems with the old solutions – and that can never work. We recognised this gap at 6clicks and that’s been our mission - to continue to evolve with the changing needs.

In response to the burning need for an AI-based solution to streamline GRC, we created Hailey, our resident artificial intelligence engine. Hailey can accurately go over multiple standard requirements and map regulations to simplify GRC. As soon as you finish a risk assessment, Hailey tells you where you stand in terms of various standards and regulations. With Hailey built into the 6clicks automation platform which already has an integrated content library, GRC no longer seems like an unscalable mountain!

Final thoughts

The paradigm shift in GRC continues as the environment around us keeps changing. The only way to counter this challenge is to move away from old-school approaches and explore the solutions that cognitive GRC offers. 

In the last 3 to 4 years, cognitive technologies have shown progress. Adopting these technologies for GRC creates a competitive advantage. This can help improve end-to-end GRC visibility and augment the decision-making process to create a more sustainable and efficient model for GRC implementation. 

Take a tour of the 6clicks platform and see for yourself how we are revolutionising the GRC market as the best GRC software.

Related useful resources

  • Artificial Intelligence and Robust Content

  • The Adoption of Machine Learning & Artificial Intelligence to Risk Management and Compliance

  • Hailey AI: The secret to managing multiple security standards

  • Business Origami: The importance of folding ISMS into your GRC


Written by Dr. Heather Buker

Heather has been a technical SME in the cybersecurity field her entire career, from developing cybersecurity software to consulting, service delivery, architecting, and product management across most industry verticals. An engineer by trade, Heather specializes in translating business needs and facilitating solutions to complex cyber and GRC use cases with technology. Heather has a Bachelor's in Computer Engineering, a Master's in Engineering Management, and a Doctorate in Information Technology with a specialization in information assurance and cybersecurity.