What 2011 Holds in Store for Your GRC Program – Five Predictions | Prediction #2

Posted December 9, 2010, 9:16 am by Chris Noell

Image of Chris

Chris Noell

What does 2011 hold in store for your GRC program? My post on Tuesday, December 7th, defined my first prediction - Greater Focus on Risk Management Capabilities.

Read below for my second prediction for 2011 GRC programs.

Prediction #2 | Redeployment of Internal Resources

According to recent studies, risk and compliance functions spend the majority of their time on tactical administrative tasks. Indeed, studies show that as much as 62% of effort is spent on data collection versus 36% on analytics/risk mitigation, and 2% on other tasks. 

I’ve found that when tactical activities dominate a program, there are 3 main issues that arise – audit fatigue, low value outcomes, and low level of executive participation.

Audit fatigue: Let’s face it – facilitating an assessment process is a tedious and thankless job. Participants have a day job they are trying to complete and the assessment interferes with that day job.  If an assessment is bogged down in tactical activity, everyone loses patience.

Low value outcomes: The real value of an assessment comes out of the strategic activities – analysis and risk mitigation.  If the tactical effort is all-consuming, the analysis and remediation usually gets shortchanged, leaving the organization with a feeling that all their work was wasted. 

Low level of executive participation: Tactics do not interest executives, particularly if multiple meetings become consumed with process updates versus insight about the business gleaned from assessment findings.  Executives tend to start looking for excuses to not come to the next meeting.

In 2011, leading organizations will reverse these percentages, with more focus on strategic activities, through enhanced GRC workflow capabilities – such as better delegation and definition of controls – and in some cases, GRC outtasking.  In GRC outtasking organizations outsource process management to a third party like ANX and retain decision making and remediation in-house.

Come back on Tuesday, December 14, 2010 to read Prediction #3.

 
Filed under: Uncategorized
Edited September 10, 2015 by Eric
Listed in Communities:


You must be logged in to post comments.