Image via WikipediaRead a fascinating study from KPMG today - The Convergence Challenge, which is a global survey into the integration of governance, risk and compliance, originally published in February 2010. I literally wore out my highlighter as I tried to capture all the data, quotes and other material that jumped off the page to me.
For example, in the opening foreward they write, "...Fearful of both business failure and the penalties of non-compliance, many organizations have reacted by swelling their GRC departments. This has lead to a costly and complex web of often uncoordinated structures, policies, committees and reports, creating duplication of effort. Worse still, GRC has lost sight of its prime objective: to improve performance and efficiency. In short: the solution has become part of the problem! (my emphasis)
In recent years, internal auditors, risk officers, compliance offivers and information technology chiefs have begun to work together more closely, finding commonality between disparate GRC projects. Some organizations even formed GRC committees..."
I have seen first-hand at numerous client sites this scenario playing out. Departmental/Organizational silos are being struck down by foreward thinking leaders, because they know the value that is derived when GRC is done right. When we are able to share EthicsPoint's vision for GRC with organizations that have reached this stage of maturity, magical moments happen. The energy in the meeting ratchets up, and we get into really fruitful conversations on how value is created through these programs. As Oliver Engels, the European Head of GRC for KPMG in England states, "GRC convergence is an idea whose time has come. It is not simply a technology tool; it is a way to rationalize risk management and controls, giving management the information they need to improve business performance and achieve compliance."
Some other interesting statistics from the survey:
- 64% of respondents say GRC convergence is a priority for their organization
- 78% agreed strongly or slightly with the statement,"We see compliance encompassing internal policies, not just external rules and legislation."
- 59% believe the ability to identify and manage risks more quickly is among the main benefits of convergence
- 33% list improved corporate performance among the main benefits