
Working Smarter: Corporate Legal Teams Can Do More with GRC Technology

It’s not easy being a corporate lawyer. In the popular imagination, they are paid handsomely to say no to almost everything and write documents no one can understand. In reality, of course, the stakes are much higher. Internal legal departments hold a corporation’s most valuable assets — intellectual property, customer records, contracts, and more. Increasingly, this valuable collection of data and intellectual property has become a lucrative target for cybercrime and corporate espionage. As cyber and regulatory risks increase, the list of threats, pitfalls and enemies lying in wait grows longer.

Guarding against external attacks is only part of the job, as internal legal teams are also tasked with creating and protecting business value through negotiations, case strategy, and IP management. More and more, the legal team is now an integral part of the risk management and crisis response teams. In some organizations, legal teams are charged with overseeing governance and compliance efforts, an ever-shifting mandate, especially in companies that operate across international boundaries and/or multiple regulated industries, partnering with dozens of third parties along the way.

Because they are charged with a variety of critical responsibilities — often while understaffed — many legal departments lag behind in technology adoption.

To address these challenges while controlling costs and resources, legal departments must find ways to significantly improve efficiency and productivity. Noted legal prophet Richard Susskind calls this the “more for less” challenge, a phenomenon he says has been accelerating since before the recession. Based on his research and discussions with global executives, he estimates general counsels (GCs) have been asked to reduce their budgets by 30 to 50 percent.

Beyond Silos and Spreadsheets

To increase efficiency, Susskind recommends breaking corporate legal work into smaller component tasks; routine and repetitive processes should be streamlined and automated. This means it’s time to give up the data silos and spreadsheets that many legal departments still rely on to manage compliance and governance work. This costly approach leads to duplicated effort, hinders collaboration and transparency, and is prone to error and coverage gaps. Governance, risk management, and compliance (GRC) technology solutions simplify and centralize data gathering, document controls, and activity tracking. This integrated risk management approach helps free up time, saving money and allowing teams to accomplish more with less. When everyone is on the same page, collaborative effort and accountability are fostered, and visibility across business functions increases.

Data Security is Not Simple

Preserving trust and data privacy is the first and last order of business for every legal department, a mandate that shapes every task and function. GCs simply cannot afford to leave data security and privacy concerns entirely up to IT. Legal department assets are targets. Legal departments are legally bound to protect many kinds of data (e.g., PII, PHI, financial). In the digital era, the data they protect is often the single most protected asset in the enterprise.

Integrated risk management is an essential aspect of any cyber security program. GCs must ensure that acceptable use policies and controls are thoroughly implemented. They are uniquely positioned to work across business units to manage risk factors. In the event of a data breach, the legal team must be prepared to be a central player in incident response. They are also the go-to experts when significant new regulations like the General Data Protection Regulation (GDPR) require a coordinated, enterprise-wide compliance effort.

GRC technology supports risk management programs by mapping assets to policies and controls, sorting and prioritizing results from vulnerability scanners, and formalizing remediation tracking. The strongest security programs do not rely on scanning, blocking, and containment systems alone – they integrate risk management activities that address policy, process, and people factors as well. GRC platforms streamline this through data gathering, continuous monitoring, dashboards, and heat maps.

A Systematic Approach to Routine Tasks

When corporate legal teams are able to spend less time on routine assessments, reviews, audits, and document preparation, they can task more resources with higher-level activities that involve strategic thinking and creativity. Systematizing basic governance and compliance tasks is key to meeting growing responsibilities with fewer resources. Cloud-based GRC platforms are scalable and able to evolve with an organization’s enterprise-wide risk, audit, and compliance programs. They provide flexibility to adapt to existing processes and incorporate new regulations, and can drastically reduce inefficiencies related to document preparation by automating repeatable processes and storing records of inquiries and responses for re-use. Third parties can be granted limited access to review completed questionnaires. Conversely, GCs can streamline their own assessments of vendors, suppliers, and partners. By tracking and documenting compliance activities in a central repository, audit preparations become significantly easier to complete and result in fewer findings and penalties.

Enable Self-Service for Internal Customers

Legal departments are under increasing pressure to function like a service business inside a larger organization. From document searches to NDA and contract review to intellectual property and trademark management, the internal legal services they provide are often routine and repetitive. Yet if overworked legal teams are unable to provide these services in a timely manner, important business functions in other departments are stymied or delayed. If legal is seen as a chronic bottleneck, others in the organization may look for workarounds or ignore policies and controls, leading to higher risk exposure.

One answer is to simplify and automate the fulfillment of routine requests, so that basic legal services are delivered on a more self-serve basis. Access to pre-approved templates and checklists allows other units to do their homework before requesting assistance. Workflow automation tracks request progress, easing planning and reducing email pile-ups. Centrally accessible libraries of policies and regulations allow stakeholders to be more accountable and prepared.

Some firms are even going so far as to use legal chatbots to answer routine inquiries and route requests. Others have begun to implement AI-driven document creation and review. These next-level innovations are sure to become more commonplace in the next few years, but they won’t be practical for teams that don’t have a solid technology foundation of streamlined and integrated systems to build on.

Bigger Picture, Bigger Payoff

GCs and their teams have the expertise to contribute in critical ways to growth initiatives, innovation efforts, and business resiliency. Doing “more with less” is about more than keeping up – strong and efficient legal teams can prepare their organizations to take advantage of opportunities, avoid disasters, and stay ahead of the competition. Developing integrated risk management capabilities, highly organized compliance and audit programs, and streamlined services is a tall order and cannot be achieved when the team is mired in mundane tasks. Smart, strategic use of supporting technology allows GCs to survey the field and play the game at a whole new level.
