A recent survey shows that, in times of increasing regulatory pressure, only a third of businesses think they have robust processes in place to manage governance, risk and compliance (GRC), writes Linda Endersby.
The survey, conducted by Software AG, a provider of business process solutions, at a recent GRC webinar, also revealed that over half the respondents have yet to implement a co-ordinated 'single version of the truth' response and instead use a fragmented approach to regulatory compliance. A mere tenth were confident that their firm operated integrated GRC and audit processes based on a common platform.
"Many of today's businesses operate in heavily-regulated environments, yet try to get by with essentially siloed, spreadsheet-based compliance processes, with no centralised control or end-to-end accountability," said Simon Pritchard, head of financial services for Software AG UK.
Pritchard went on: "At best this is inefficient, resulting in an unnecessarily high cost of compliance; at worst this leaves a dangerous perception gap between the reality of day-to-day business operations and what risk and compliance functions believe they should be monitoring."
Recent research by Ernst & Young demonstrated that there is a definite relationship between mature risk management practices (including technology solutions) and financial performance, with many risk programmes becoming self-funding and even generating positive returns.
"In addressing key aspects of operational risk, financial control and reporting, and regulatory compliance, a best practice response should adopt an automated, process-oriented GRC approach based on a robust enterprise platform. This reduces the cost of compliance and leads to better, more-informed decision-making," says Pritchard.
Looking ahead, just under half of webinar participants were looking at continuous controls monitoring as a priority in implementing GRC initiatives over the next two years, with another 40% looking to make audits easier, faster and more cost-effective.
"The most forward-looking companies recognised the importance of incorporating effective GRC processes as 'business as usual,'" concluded Pritchard, "as a constantly-changing regulatory landscape requires them to engage in an on-going cycle of risk assessment, documentation of controls and processes, testing and addressing identified compliance shortfalls."