Impelling Business 4.0 thanks to GRC

The digital transformation of businesses within the frame of Business 4.0 is going to be one of the biggest challenges in all enterprises for the years to come. But how can this transformation actively be guided and impelled? Governance, Risk Management and Compliance (GRC) provide a promising approach for leading a business successfully.

Industry 4.0, the fourth industrial revolution, is linking the physical world ever more closely to the virtual world, thereby enabling entirely new, smart products and production processes. The significance of this change is underlined by the Federal Government's future project of the same name. The technological basis for this project will be the internet and cyber-physical systems. Within the Internet of Things (IoT), these systems will communicate with each other as well as with humans. However, Business 4.0 includes not only the digitalization of industrial production and its processes but also business processes that go beyond the context of Industry 4.0, such as accounting. The goods needed for production could be booked automatically, assuming machines could independently order them and also acquire them automatically by means of RFID chips when they enter the warehouse. In this way, not only industrial processes will be fundamentally changed but also the commercial work environment itself. It will become more and more digital and distributed, which in turn will have an impact on all levels, from strategic business management to operative processes.

The three fields of action that are important for business management, namely governance, risk management and compliance, are summarized under the term GRC.

Proactive change in businesses due to GRC

In many businesses, GRC is seen as a dull and unnecessary burden that is imposed on businesses in order for them to follow a particular set of rules. However, this point of view doesn’t do justice to GRC. After all, GRC sums up the 3 most important fields of action necessary for leading a business successfully.

  • Governance
    is leading a business on the basis of distinctly and comprehensively worded business goals and instructions. Governance extends over all business areas and business levels.
  • Risk Management
    is the entirety of all measures that have to be taken in order to handle a business’s known and unknown internal and external risks. This includes the establishment of early warning systems for detecting risks as well as measures for eliminating risk potentials and for treating risks that occur.
  • Compliance
    means the fulfillment of and conformity with government laws as well as with clearly defined rules and specifications, (ethical and moral) principles and procedures, standards (e.g. ISO) and conventions.

If one recognizes GRC as a tool for actively controlling a business, the burden becomes an opportunity to drive the transition to Business 4.0. Instead of lagging behind the wave of innovation or being driven by it, the business can control that wave internally, as described below.

Governance shown by using the example of leading a digital business

Due to increased networking both between machines and between humans, working life and the work environment are becoming distributed. In the future, not only humans but also machines will be able to organize themselves, which will lead to significantly more players in a business and on the market. The self-organization of every player (machine and human) will increase in order to make flexible decisions in the global network. Fixed working hours and working locations as we know them today will be a thing of the past, replaced by virtual jobs and flexible working hours. The physical presence of workers won’t matter anymore. This will result in a further blending of working life and personal life, with corresponding impacts on work-life balance. Additionally, the relationship between executives and employees will change. Direct leadership will give way to more indirect leadership. Directly instructing employees will become more like coaching as we know it from sports. Just like a coach, the executive will set the tactics for the employees, who will then have to operate in a self-organized way on the court in order to reach the business goals. Such a coaching concept inevitably requires clear guidelines and policies that define the business’s tactics and court. The fields of action governance and compliance are equivalent to the tactics and the court. Thanks to clearly defined, transparent compliance guidelines, the employees know what they are allowed to do and to what extent they are allowed to make decisions. For this, governance sets the agenda. It therefore sets guidelines on all 3 levels: strategic, tactical and operative. For a clear orientation of employees it is necessary to set both the goals and the strategy for reaching them. Hence, executives can mark out the court and set the tactics, and only need to intervene if there is a risk that the results won’t meet expectations.
Thanks to the known and published guidelines, the court is transparent for the employees, which, for example, makes it much easier for them to reconcile their private concerns with the interests of their employer.

It’s important that the policies which mark out the court are taken seriously and that the court is not overstepped. To ensure that, a certain supervision of compliance with the governance and the corresponding guidelines is necessary in order for a business to live GRC. This also includes the supervision of risks so that the executives can change the tactics accordingly in case a risk occurs. It is like in sports: when your opponent scores a goal and you are behind, you change your tactics from defense to offense. How this supervision can be arranged is described in the section “Supervision of Risks and Compliance”.

A big risk for a coach is the players’ resistance. No matter how good the coach is, he can’t win the match as long as his players don’t follow him. In big business transformations, as is often the case with Business 4.0, employees’ resistance is bound to occur. GRC’s field of action “Risk Management” offers a way to address the employees’ resistance and to initiate appropriate measures to avoid or reduce it. In the following, risk management will be explained using the example of change management.

Risk management shown by using the example of change management

In order to successfully implement Business 4.0, the employees need to accept the strategy. If they don’t approve of the strategy, resistance develops which can slow down or even impede the transition. Therefore, it is important to accompany the employees continuously throughout the entire transition as well as to take their fears seriously and accept them. Through an open and fair exchange of information and communication, the opportunities and risks for every single employee can be assessed and possible solutions can be shown, such as beneficial further training. A sense of unity can be created by providing transparency, making changes gradually, step by step, and actively including the employees in the strategy and the implementation. This sense of unity can change a situation of fear into an atmosphere of awakening and transition.

To avoid employees’ resistance, active and preventive risk management is useful. It should include not only the analysis of the risk of employee resistance but also active management and supervision. The supervision of risks is an especially important aspect, for example in order to be able to detect signs of resistance early on and to carry out appropriate countermeasures.

Risk management needs to be done systematically. Risks need to be derived from the goals and from the strategies for reaching them, which mark out the path to Business 4.0 in the form of instructions and guidelines, so that a complete assessment of all major risks can be made.

During the analysis, starting with the goals and strategies, the business processes and the employees affected by the transformation should be identified so that targeted measures for reducing resistance can be carried out. An analysis of goals and strategies alone is not effective, since it leads to measures which either don’t concern the employees (yet) or potentially concern them to a completely different extent, which would make other measures much better suited for the time being. The fourth industrial revolution and the associated business transformation won’t take place in just a couple of months but over years or even decades. This is why a thorough analysis of the business processes and employees concerned is indispensable. Business 4.0 influences administration differently than it does IT or any of the production departments. Even just considering the temporal aspects, it becomes clear that a correspondingly derived package of measures will be needed.

Due to the increasing flexibilization and the concomitant decentralization of organizations and processes, businesses have no other option but to actively and purposefully include their employees in the transition so that those employees can help shape the transition and live it for the long term.

Supervision of risks and compliance

The control of risks and compliance has to account for the virtual and decentralized character of the company. Heavyweight, monolithic solutions are out of place here. Due to the immense amount of data, the supervision needs to be as automated as possible, with a decentralized agent which can independently assess and analyze the current situation.

However, to understand where these kinds of agents are needed, a structured analysis is crucial, covering everything from goals, through strategies and the risks endangering those goals, to the business processes and systems which depict everything. Only in this way can agents be installed in the right places in order to assess the relevant measurements and analyze unwanted patterns.

Suitable GRC tools simplify the analysis of business processes and of the entire business. When choosing a tool, you should avoid isolated applications and instead use one tool which can model an entire business. This way, interrelationships like the ones shown in this article can be identified and analyzed easily. Considering the transparency you need to provide for the employees, you should pay attention to the GRC tool’s options for directly publishing guidelines, instructions, and further documents. In order for the employees to be able to take an active part in the transformation of the business, there should be options for collaboration so that new risks and appropriate measures for preventing them can be discussed.


The digital transformation of businesses creates new challenges for business management. Classical or analog management methods will reach their limits due to the increasingly virtual and decentralized way of working. This article is about how a clear GRC concept enables more effective business management by using transparent instructions and guidelines which are accessible to all employees. Furthermore, the risks of the transformation should be controlled actively, for instance by detecting and counteracting potential employee resistance early on. When choosing suitable GRC tools, it is important to pay attention to collaboration features so that employees can be involved in shaping the digital transformation.