SAP SE (NYSE: SAP) today announced the results of a global survey which indicates that despite the importance of governance, risk and compliance (GRC) in an organization, companies are not satisfied with their tools to meet regulations, and many are vulnerable to losing business or revenue as a result.
The survey, conducted by Loudhouse Research, involved interviews with 1,010 employees responsible for GRC in large organizations in the US, the UK, Germany, the Netherlands, Brazil, Japan, France, South Africa and the Nordics.
Most companies surveyed recognize the importance of investing in GRC technologies to create competitive advantage and profitability. However, the survey found that nine in ten organizations are not satisfied that they have adequate GRC technologies and processes in place. On average, only 46% of GRC data that an organization has access to is effectively captured and used to support strategic goals, and nearly half (48%) of organizations have not reviewed their GRC processes or technologies for at least three years. Furthermore, the vast majority (81%) of GRC professionals surveyed say risk and regulation has become more complex in the last five years.
"Companies need to act fast to limit exposure to further risk," said Thack Brown, general manager and global head of line-of-business finance at SAP. "The ability to effectively manage risk can help improve profits. Garnering IT support, investing in skilled resources and opening up funds to achieve and maintain a sturdy GRC system are critically important."
Based on the survey feedback, SAP recommends a five-point plan to improve GRC practices:
- Make a case for the strategic value of GRC. Governance, risk and compliance should be everyone's business, so it is important to educate the entire organization on the benefits of robust GRC processes.
- Make a decision about who's responsible. Businesses need to determine an owner to ensure accountability.
- Seek a holistic, future-proof solution. To satisfy future ambitions, consider architecture that will allow GRC to integrate with other business functions. A solution should be end-to-end and fully integrate with finance and other operational processes.
- Drive cultural change. GRC awareness and understanding should be prioritized at every level of the business. Organizations that respect the importance of GRC to commercial success will be successful.
- Do it now. Regulatory pressures in all industries are growing - now is the time to act.