Firms acknowledge but ignore GRC benefits

Many financial institutions are aware of the high cost and risks of fragmented governance, risk and compliance (GRC) functions, yet few have taken action to consolidate their internal processes, according to a new study.

The 2007 Open Compliance and Ethics Group (OCEG) GRC Strategy Survey found that 250 firms in 15 countries are aware of the shortcomings of their internal controls but feel unable to make necessary changes to strengthen them.

Some 84% of respondents reported fragmentation of GRC activities and processes, while a further 65% claimed fragmented GRC caused serious business problems through duplication of efforts, redundant solutions, higher costs and increased risk.

Additionally, 75% of companies surveyed said they would scrap their current programmes and start over if possible. At the other end of the spectrum, 71% of firms that have acted on integration opportunities have realised benefits that met, or exceeded, company expectations.

“The survey revealed a higher degree of dissatisfaction and pain associated with current GRC approaches than we expected to find,” says Lee Dittmar, a principal with Deloitte Consulting, a primary sponsor of the survey. “However, while respondents recognised the need to reduce unnecessary complexity, and better integrate their risk and compliance needs with mainstream business processes, relatively few have taken action to address the problem.”

“Organisations want and need comprehensive frameworks and enterprise solutions to address governance, risk, and compliance challenges. This survey supports what we have learned from members of the OCEG community over the past several years,” says Scott Mitchell, OCEG chairman and CEO.

The full survey can be found at: www.oceg.org/view/GRCStrategyStudy.