Five tips for improving your organisation’s GRC practices


A global survey has found that although companies recognise the importance of governance, risk and compliance (GRC) for their organisations, the tools they are working with are unsatisfactory.

The survey, conducted by Loudhouse Research, involved interviews with 1010 employees responsible for GRC in large organisations in the United States, the United Kingdom, Germany, the Netherlands, Brazil, Japan, France, South Africa and the Nordics.

Nine out of 10 organisations surveyed do not believe they have adequate GRC technologies and processes in plan, and on average, only 46 per cent of GRC data that an organisation has access to is effectively captured and used to support strategic goals.

Though 81 per cent of GRC professionals said risk and regulation has become more complex in the last five years, 48 per cent of organisations had not reviewed their GRC processes or technologies for at least three years.

By having insufficient systems, companies are exposing themselves to regulatory danger and other risks.

“The ability to effectively manage risk can help improve profits. Garnering IT support, investing in skilled resources and opening up funds to achieve and maintain a sturdy GRC system are critically important,” said Thack Brown, general manager and global head of line-of-business finance at SAP.

Based on the survey feedback, SAP makes five recommendations to improve GRC practices:

  1. Make a case for the strategic value of GRC. Governance, risk and compliance should be everyone’s business, so it is important to educate the entire organisation on the benefits of robust processes.
  2. Make a decision about who’s responsible. Businesses need to determine an owner to ensure accountability.
  3. Seek a holistic, future-proof solution. To satisfy future ambitions, consider architecture that will allow GRC to integrate with other business functions. A solution should be end-to-end and fully integrate with finance and other operational processes.
  4. Drive cultural change. GRC awareness and understanding should be prioritised at every level of the business. Organisations that respect its importance to commercial success will be successful.
  5. Do it now. Regulatory pressures in all industries are growing – now is the time to act.

You can access the full research report here.

Share this post

submit to reddit

Leave a Reply

scroll to top