Governance, Risk and Compliance Survey 2016
[download the PDF
Leaders everywhere face increasing risks for their organizations. These risks come from all directions — regulatory, cybersecurity, financial, global competition, litigation, etc. — and put every leadership position on the front lines of risk management. But not all risks are created equal. And not all organizations or executives have the same appetite — or tolerance — for these risks.
Balancing risks versus opportunities, or proactively viewing risk as a driver of opportunity, is a key component of 21st-century strategic planning. Successful leaders will evaluate and implement risk management approaches that add strategic value to their organizations while prudently managing risks, thereby maintaining and enhancing competitive advantage.
To help executives plan for 2017 and beyond, Grant Thornton LLP deployed the Governance, Risk and Compliance (GRC) Survey
earlier this year. It’s important to note that GRC typically isn’t a specific organizational department, but instead is a collaboration among many roles and functions (e.g., legal, internal audit, audit committee, finance, compliance). The GRC Survey assessed the management of GRC activities and processes across these roles and functions. This required input from a range of titles and builds upon the research we conducted on internal audit and general counsel roles in recent years.
Major findings include:
Strategic risks are rated as highly significant, yet GRC leaders are not focusing time and budgets on them in order to measure and mitigate these risks.
Many organizations say their GRC maturity levels are ad hoc or fragmented; these organizations have great opportunity to make changes to improve their levels.
GRC leaders have not embraced the application of data analytics and technologies to GRC activities despite the benefits of these tools.
Third-party risks are still a threat, but other priorities have taken precedence over risk management activities.
Grant Thornton LLP is committed to helping executives and their organizations identify, prioritize, manage and monitor risks. Leaders can leverage this survey to optimize GRC activities and investments, and prepare for events commensurate with their organizations’ appetites for risk.