Global organizations ‘face significant gaps in enterprise risk management’

Published: Wednesday, 28 August 2019 08:23

New GRC survey uncovers mixed levels of executive confidence in organizations’ ability to manage risks, map ownership and identify third-party vulnerabilities.

Riskonnect has released results from its new governance, risk and compliance (GRC) benchmark report. Conducted with Compliance Week, the market survey found that while organizations value enterprise risk management, only 20 percent have fully integrated processes and technology, which means most companies are leaving themselves vulnerable to legal, financial, regulatory and reputational risks.

The study polled 113 compliance, audit and risk executives from around the world to get a better sense of the state of organizations’ risk management capabilities, how effective they are at mapping risks, the GRC metrics they track and more. Aside from a general lack of integration, the benchmark also uncovered that executives have fairly low confidence in their organizations’ ability to manage and map risk: 61 percent said they are only somewhat confident in their organization’s ability to map ownership to a specific individual or role – with another 15 percent saying they aren’t confident at all. Similarly, only 18 percent said they were very confident in their company’s ability to map risk drivers across all functions, and 21 percent said the same about being able to map each control to a specific risk or requirement.

When asked who leads GRC integration strategies within the organization, the most common answers were the Chief Compliance Officer (29 percent), Chief Risk Officer (21 percent), Chief Executive Officer (15 percent), or the Chief Audit Officer (8 percent), with 17 percent indicating their company has no designated role.

Other key findings include:
