GRC – otherwise known as – Governance, risk, and compliance is a system that integrates these 3 essential components to support integrity and performance at every level of an organisation.

The rise of digital business has seen a growing interest in GRC, as organisations seek to manage increasingly complex compliance and regulation. Organisations, now more than ever, are looking for an integrated and comprehensive view of risk to improve strategic decision making. Although GRC technology is a very promising solution to these very contemporary demands, implementation can be a long process that shouldn’t be underestimated.

To discover what your organisation requires for a smooth and painless GRC implementation we have compiled a list of the top 5 challenges, observed across multiple industries. We have also provided suggestions on how to avoid them:


Implementing a robust GRC programme is no easy task and problems are most prevalent when there is a lack of direction. A GRC solution needs strong leadership to be effective and all the pain points listed below can be countered if this first obstacle is overcome.

Strong leadership and good communication are essential to embedding GRC into corporate culture – this process starts at the top.

Lack of leadership and strategy can result in the selection of an unsuitable GRC solution. Lack of coordination will often result in poor uptake and misunderstanding.

How to Avoid?

To ensure GRC technology implementation will be successful and add value to your company you should assign a project management team to the task. They should be well informed, with a defined strategy and a clear understanding of the business requirements.

For a GRC system to work as expected, leaders and teams should have a clear vision of what they need a solution to do and what will ‘fit’ the company.

  1. SCOPE

To reiterate again this is not an overnight process. Adopting a GRC technology is worthwhile, but it does take time and you can’t rush it. Speeding up the process increases the risk of complexity and affects the quality of implementation. Failure to plan and execute the change effectively can lead to costly delays and frustration.

How to Avoid?

Be realistic with the scope and timeframe. Provide reasonable estimates for roll-out activities and allow sufficient time to test for early glitches beforehand. The project managers should work with providers to plan and ensure accurate and pain-free implementation.

  1. SILOS

‘Silo mentality’ refers to a prevailing mindset- that each department within a company is reluctant to collaborate and share information or resources with other departments. A silo is a part of a company that does not work or communicate well with other business divisions.

A GRC system is intended to eliminate silos as too many can make risk and compliance processes ineffective. Nevertheless, if some departments and stakeholders are not involved in the selection and implementation of GRC technology then integration will not be fully achieved. Some may not adopt or accept the new technology and it may even compound the problem of silos.

How to Avoid?

To avoid this issue, collaborate with all departments and stakeholders in the selection, implementation and testing of a GRC system. This way all specific requirements should be addressed before the new system is rolled out. Make sure you are all singing from the same hymn sheet!


Old habits die hard and what we often see with painful GRC implementation is that manual processes continue to persist.

Analysing and reporting on large data sets from manual processes, is lengthy and prone to error. It needs to be avoided and the whole organisation needs to fully embrace the new system.

How to Avoid?

Be sure to train staff and allow them time to become familiar with the GRC technology. This will remove the desire to return to or persist with manual practices.

Automation will reduce departmental and informational silos. So, plan in enough time for testing, covering all possible scenarios and tackling unexpected barriers. You want your end-users to feel comfortable and confident.


Insufficient server capacity can lead to implementation failure, or significantly reduce the performance of the solution. Many companies have attempted to import a new technology only to find they do not have enough server capacity.

How to Avoid?

When selecting a GRC solution you need to be certain of the service capacity requirements. This shouldn’t be an issue if you have thoroughly researched your options and discovered your ‘best fit’. Establish a good dialogue between your provider and IT department to ensure the technological solution is compatible.


Many businesses are leveraging 1RS and our expertise to help manage risk and comply with regulations. We work in partnership with our clients to select a well-fitting GRC solution that meets their specific requirements.

If you want to find out if we’re a good fit then book a free, no-obligation discovery call.