Issuu on Google+

GRC “Perfect Storm” Leading Some to Incorporate Analytics/BI into the GRC Framework The rising tide of external and internal regulatory requirements is growing into a "perfect storm" of risk management focus as businesses struggle to mitigate and manage business, operational, and financial risks while ensuring compliance with new and existing regulations. In the wake of the recent financial services market upheaval, renewed scrutiny of governance and compliance practices is likely, and any new legislated regulation will apply to all. In a highly competitive global marketplace, this requires organizations to seek technologies and services that enable them to overcome these challenges. Through end-user knowledge and enterprise implementations, the Governance, Risk management, and Compliance (GRC) software and services market is still in a state of early-adoption and unclear definition. Loosely stated, GRC initiatives are defined as a set of technologies and services converging to ease disparate pain-points. To fully capitalize on GRC's business benefits, organizations across all industries are starting to incorporate Business Intelligence (BI) and analytic tools into their GRC framework at some level. Aberdeen Group’s July 2008 report “Is Your GRC Strategy Intelligent?” identifies the strategies, internal capabilities, technologies, services, and methodologies Best-in-Class organizations employ in their GRC initiatives, and provides a roadmap of actionable recommendations for companies seeking to optimize an existing implementation or begin developing a GRC initiative. Best-in-Class organizations have initiated effective, efficient, and visible risk management and compliance activities, allowing decision-makers to make business-critical decisions quickly, accurately, and with confidence. The report, available for free registered download from Aberdeen’s web site, highlights several of the performance and operational advantages that Best-in-Class companies experience, and details the capabilities, practices and technology investments that these companies are making. Here are four key findings of the study: 1. Understanding the importance of supplementing consistent monitoring of risk and compliance processes with relevant analytic tools allowed Best-in-Class organizations to increase visibility and knowledge into risk and compliance activities by a mean average of 34%; an average increase that is 2.5 times greater than all other organizations. 2. Best-in-Class organizations fully capitalize on the enhanced visibility and knowledge that analysis of GRC data provides, realizing a mean average 22% increase in the speed at which business-critical decisions are able to be made; an average increase that is 2.4 times greater than all others. 3. By augmenting consistent yet flexible enterprise-wide GRC policies and procedures with extensive communications, Best-in-Class organizations have increased their ability to detect significant weaknesses in internal controls by 16%, while realizing a 9% decrease of redundant activities / processes. 4. Best-in-Class companies have been able to reduce governmental (federal, state, and municipal) and industryspecific fines related to non-compliance by 14% and improve the efficiency of compliance tracking and reporting by 30%; an average improvement that is 9 times greater than Laggards. The full report can be accessed at: ETM subscribers can receive discounted access to the entire Aberdeen Vault library through: