Doing more with less seems to be a way of life and business in these economic times. Respondents to a governance, risk management and compliance (GRC) survey agree. GRC managers from a broad range of market segments, including financial services, insurance, health care, life sciences and manufacturing, say that growth in mandates has led to a resource shortfall they characterized as either “critical,” “serious” or “significant.”
Only about one-quarter of respondents claimed to have a formal process in place for assessing risk. Others depend on business managers or “ballpark” estimates. Twenty percent had no clear means of assessing risk at all. This lack of a consistent, accurate means of measuring compliance-related risk is a major inhibitor of risk-driven compliance management.
“The bottom line is that companies will have to respond to increasing mandates with reduced resources,” says Steve Lindseth, CEO and founder of AXENTIS. “To be successful, companies will eventually have to establish an efficient, risk-based compliance culture throughout their enterprise or risk the consequences. Technology can allow any company to start small, prove the approach works and then extend the solution, with little marginal effort, to the long list of compliance risks they face.”
Another report echoes the need for better GRC tools and processes. “Continuously Compliant: Ensuring Proactive, Comprehensive Compliance” from
The Aberdeen report says that an effective GRC solution is less a single tool than a set of them, including authentication tools, identity and access management tools, network access controls and application analysis tools.
The report also stresses the need to establish capabilities including clear hierarchical accountability for compliance activities, so that established objectives and goals are achieved, and to identify a responsible executive with primary ownership of the compliance program.