The survey polled 188 GRC managers from a broad range of market segments including financial services, insurance, healthcare, life sciences, and manufacturing. Key findings from this survey include:
Compliance demands continue to outstrip resources. 80% of respondents said that growth in mandates has led to a resource shortfall they characterized as either “critical,” “serious,” or “significant.” These conditions make it essential that they become more efficient – and better prioritize resource allocation.
Risk is recognized as a useful metric for prioritizing resource allocation. More than 90% of respondents believe it is their job to protect the business from the potential adverse consequences of specific compliance failures – rather than to simply check off items on a compliance checklist. It is thus logical for them to prioritize activities and resource allocation based on the magnitude of those risks.
Risk is not always measured accurately or consistently. Only about one-quarter of respondents claimed to have a formal process in place for assessing risk. Others depend on business managers or “ballpark” estimates. 20% had no clear means of assessing risk at all. This lack of a consistent, accurate means of measuring compliance-related risk is a major inhibitor of risk-driven compliance management.
Risk assessment alone is not enough. About half of the respondents who claimed to be measuring risk also admitted that they have no reliable mechanisms in place for applying risk metrics to establish priorities and appropriate treatments through compliance management activities.
Survey respondents were also asked to name – in order of importance – the capabilities that they currently lacked, but that they believed were most important for them to acquire. Out of eight possible choices, three choices consistently ranked at the top of respondents’ lists:
- The ability to prioritize compliance efforts based on actual business risk
- The ability to integrate compliance-related risk in enterprise GRC mechanisms
- A common repository for mandates, policies and procedures
More results from the survey are available online in "Compliance Managers Seek Risk-Driven Capabilities".