Guest post: Corporate Legal Departments Get Shipshape with GRC Technology
Like the guards posted at a sealed stone vault full of treasure hidden in the innermost sanctum of a fortress, internal legal departments are the guardians of a corporation’s most valuable assets — intellectual property, customer records, contracts, and much more. As cyber and regulatory risks increase, this trove of data and secrets has become a lucrative target for cyber crime and corporate espionage.
Beyond just the data security, internal legal teams are tasked with protecting and creating business value through negotiations, case strategy, and IP management. They are often the primary risk management and crisis response team. And, in many companies, they are charged with overseeing governance and compliance efforts, a mushrooming and ever-shifting mandate, especially in enterprises that span international boundaries, multiple regulated industries, and complex supply chains.
Yet even with such centralized and critical responsibilities —or perhaps because they are overtaxed by them — many legal departments lag behind in technology adoption.
To face these multifaceted challenges — all while controlling costs and resources — legal departments must find ways to significantly improve efficiency and productivity. Noted legal prophet Richard Susskind calls this the “more for less” challenge, a phenomenon he says has been accelerating since before the recession. Based on his research and discussions with global executives, he estimates general counsels (GCs) have been asked to reduce their budgets by 30 to 50 percent.
Heavy reliance on outside counsel can be prohibitively expensive. Not to mention, involving more people in the process increases the risk of human error. On the other side of the spectrum, bringing more tasks in-house only works if the GC’s team can increase its efficiency enough to handle more obligations. Hiring more staff is not often an option; resources have to be freed up by integrating better processes with purpose-built technology.
Surrender the Spreadsheet
One of the solutions Susskind proposes is to increase efficiency by breaking corporate legal work into smaller component tasks; routine and repetitive processes should be streamlined and automated. This means it’s time to give up the data silos and spreadsheets that many legal departments still rely on to manage compliance and governance work. This costly approach leads to duplicated effort, hinders collaboration and transparency, and is prone to error and coverage gaps. Governance, risk management, and compliance (GRC) technology solutions simplify and centralize data gathering, document controls, and activity tracking. This helps free up time, saving money and allowing teams to accomplish more with less. When everyone is on the same page, collaborative effort and accountability is fostered, and visibility across business functions increases.
Secure the Secrets
Trust and data privacy underpin almost every legal department responsibility. GCs simply cannot afford to leave data security and privacy concerns entirely up to IT. Legal department assets are targets. They are legally bound to protect many kinds of data (e.g., PII, PHI, financial). In the digital era, the data they protect is often the single most critical asset in the entire enterprise.
Vulnerability and risk management is an essential aspect of any cyber security program. GCs must ensure that data security and acceptable use policies and controls are thoroughly implemented. They are uniquely positioned to work across business units to manage risk factors. In the event of a data breach, the legal team must be prepared to be a central player in incident response. They are also the go-to experts when significant new regulations like the General Data Protection Regulation (GDPR) require a coordinated, enterprise-wide compliance effort.
GRC platforms map assets to policies and controls, sort and prioritize findings from vulnerability scanners, and speed up remediation. The strongest security programs do not rely on scanning, blocking, and containment systems alone – they integrate risk management activities that address policy, process, and people factors as well. GRC platforms streamline this through data gathering, continuous monitoring, dashboards, and heat maps.
Streamline the Systems
Spending less time on routine assessments, reviews, audits, and document preparation leaves more time for higher-level tasks that involve strategic thinking and creativity. Systematizing basic governance and compliance tasks is key to meeting growing responsibilities with fewer resources. Cloud-based GRC platforms are scalable and able to evolve with an organization’s enterprise-wide risk, audit, and compliance programs. They are flexible enough to adapt to existing processes and incorporate new regulations. These solutions can drastically reduce inefficiencies related to document preparation by automating repeatable processes and storing records of inquiries and responses for re-use. Third parties can be granted limited access to review completed questionnaires. Conversely, GCs can streamline their own assessments of vendors, suppliers, and partners. By tracking and documenting compliance activities in a central repository, audit preparations become significantly easier to complete and result in fewer findings and penalties.
Switch to Self-Service
More and more, legal departments need to function like a service business inside a larger organization. From document searches to NDA and contract review to intellectual property and trademark management, the internal legal services they provide are often routine and repetitive. Yet if overworked legal teams are unable to provide these services in a timely manner, important business functions in other departments are stymied or delayed. If legal is seen as a chronic bottleneck, others in the organization may look for workarounds or ignore policies and controls, leading to higher risk exposure.
One answer is to simplify and automate the fulfillment of routine requests, so that basic legal services are delivered on a more self-serve basis. Access to pre-approved templates and checklists allow other units to do their homework before requesting assistance. Workflow automation tracks request progress, easing planning and reducing email pile-ups. Centrally accessible libraries of policies and regulations allow stakeholders to be more accountable and prepared.
Some firms are even going so far as to use legal chatbots to answer routine inquiries and route requests. Others have begun to implement AI-driven document creation and review. These next-level innovations are sure to become more commonplace in the next few years, but they won’t be practical for teams that don’t have a solid technology foundation of streamlined and integrated systems to build on.
Doing “more with less” is about more than keeping up with the day-to-day. If GCs and their teams are able to shift their focus from mundane tasks, they can add significant value to growth initiatives, innovation efforts, and business resiliency. Through highly organized compliance and audit programs, integrated risk management capabilities, and streamlined services, these teams can empower their organizations to take advantage of opportunities, avoid disasters, and sail ahead of the competition.
Dennis Keglovits is the Vice President of Services at LockPath, a leading provider of governance, risk management and compliance (GRC) solutions.
Legal IT Insider only publishes comments with genuine editorial value and does not carry paid for advertorials. If you would like to submit a comment contact editor firstname.lastname@example.org