One of my key clients recently called me up in a distraught state. Throughout the whole conversation—between the sobs, the tears, and the beating of chests—the only phrases that really stood out were “audit,” “compliance,” and “Sarbanes-Oxley regulation.” I decided to investigate further.

Once he had calmed down a little, my client, John—the GRC lead for a major multinational corporation—confirmed that his teams were facing a massive productivity challenge complying with audit requirements for the Sarbanes-Oxley regulation. They were spending a disproportionate amount of their productive time providing information and data from their systems to demonstrate compliance with regulatory requirements. And more importantly, the audit exercise was of a detective nature, highlighting what had gone wrong. His ask to me was that our GRC service should simplify things, and be more proactive.

John asked whether I could make the entire audit process more convenient, less manually intensive, and less passive—with a stronger promise of timely decision-making to mitigate risks related to compliance failures.

I like challenges…and the challenge was certainly on!

Artificial Intelligence-powered GRC

I came up with the idea of automating John’s governance, risk, and compliance (GRC) function using artificial intelligence (AI) to reduce the lengthy audit process. John agreed and together we embarked on a regulatory management journey to resolve his organization’s productivity and compliance challenges.

By leveraging speech and natural language processing (NLP), we were able to reduce the audit cycles, creating shorter lead times for better decision-making and measured actions for detected compliance problems.

John’s teams now had AI sitting on top of all the applicable regulations, and his teams spent more of their time proactively complying with rulings based on simulations and auto-discovery-related controls where something was starting to go wrong, rather than having to deal with the inconvenience of providing a load of audit evidence to auditors. Moreover, control failures were detected in near real time, allowing for quicker responses and corrective actions.

Huge complex sets of data could be processed and impact assessed by intelligent machines after automatically collecting them from various data streams and social media channels. John and his teams were amazed to see how using semantic intelligence, our machines powered by AI could automatically recommend enhancements and remediation on key controls, which meant that his teams were able to focus more on other value-adding tasks.

Using NLP for auditing also simplified the collaboration between John’s teams and my machines, which picked up sets of controls that had not only failed but in which something was starting to go wrong and could result in fines on account of non-compliance.

What to look for in a GRC solution

With regulatory compliance being a boardroom agenda, it is paramount that your Audit and Compliance function is managed efficiently and effectively, and supported by focused and targeted technology solutions.

Any third-party GRC solution should carry out end-to-end, continuous transaction auditing across your organization—identifying risk and implementing controls to improve the quality of your compliance and control environment, and maintaining your brand reputation. Your outsourced GRC solution needs to deliver timely escalation of any potential control gaps, helping you to mitigate the control gap and avoid potential compliance violations.

To find out more about how Capgemini’s GRC services leverage artificial intelligence to drive audit and compliance productivity while reducing cost, contact: ashiq.nagda@capgemini.com

Click here to learn more about how Capgemini’s Governance, Risk Management, and Compliance service can improve control monitoring across your organization, delivering real business value through increased compliance enhanced reputation.

Click the links to read the other blogs in this series: