As the economic crisis that brought risk management to forefront recedes, the question of what shape enterprise risk management (ERM) initiatives assume in the coming year is a pertinent one for insurers.
1. Boards of Directors Returning to Risk Management: While the economic storm has abated, progressive organizations are still keeping a watchful eye on financial uncertainty and boards are driving initiatives to ensure that their ERM processes are rock solid and backed up by quantitative data.
2. Measuring the Effectiveness of Compliance Programs: The regulatory scrutiny of compliance programs is shifting from a focus on policies, procedures and retrospective audits, to proactive measures of effectiveness and hard-lined results. This year, organizations will seek to implement robust measurement programs to report on and demonstrate the effectiveness of their compliance programs.
3. Increasing Focus on Third-Party Risk Management: In an effort to be more cost effective, companies have outsourced business functions to third parties. While they can outsource many tasks, they can’t outsource responsibility, accountability and liability. The year ahead will see many companies adopting strict policies for better visibility and control over the supply chain and outsourced processes – proactively identifying potential risks, verifying that business partners are compliant, monitoring for changes that might create new risks and managing the remediation of incidents.
4. Convergence of Compliance and Audit as Integrated Processes: As we start 2011, the convergence of compliance and internal audit is becoming the rule rather than the exception. Very few organizations are investing in internal audit solutions without considering the inherent links and overlaps with their compliance programs. One without the other, or each implemented in disparate silos, creates the possibility of blind spots.
5. Continued Emergence of GRC in the Cloud: While there has been an acceleration of the cloud-based movement for the past several years, this is still a relatively new phenomenon in GRC. As the industry matures, buyers are increasingly seeking GRC systems that are interconnected with leading providers of legal and regulatory content, to create a single, unified solution. Cloud-based systems are ideally suited to providing freedom of choice to the legal and regulatory content appropriate for each organization.
