Government Slideshow: Understanding Governance, Risk and Compliance
By Ericka Chickowski | Posted 06-18-2009
Aberdeen divided the respondents into three categories: best-in-class, industry average, and laggards. The rankings were based on respondents' estimates of year-over-year change in three performance categories.

Performance Category #1: Identification of weaknesses in existing risk management processes
--Best-in-class organizations saw a mean improvement of 11.2%
--Industry average organizations saw a mean improvement of 7.1%
--Laggard organizations saw no change

Performance Category #2: Ability to translate risk assessment data into actionable recommendations
--Best-in-class organizations saw a mean improvement of 9.6%
--Industry average organizations saw a mean improvement of 5.8%
--Laggard organizations saw no change

Performance Category #3: Flexibility to adjust to new or updated regulatory requirements
--Best-in-class organizations saw a mean improvement of 11.5%
--Industry average organizations saw a mean improvement of 4.8%
--Laggard organizations saw no change

Aberdeen says enterprises emphasize compliance first, IT governance next and risk management last.

Best-in-class organizations have had compliance programs in place for an average of 4.6 years, governance programs for 3.9 years and risk management programs for 3.6 years.

Best-in-class organizations were most likely (39%) to report that improving operational efficiencies and reducing total cost was the top driver for investing in IT GRC.

Laggard organizations were most likely (36%) to report that addressing new and changing regulatory compliance requirements was the top driver for investing in IT GRC.

33% of all organizations establish and enforce consistent policies and procedures.

36% said they develop and improve IT governance frameworks.

16% reported they develop comprehensive "continuous compliance" infrastructure.

14% automate risk and compliance processes and controls.

70% of best-in-class organizations depend on centralized, automated controls and procedures, while only 24% of industry average and 19% of laggards do the same.

More than 43% of laggard organizations depend on centralized, manually intensive controls and procedures, while 29% of industry average and only 12% of best-in-class organizations do the same.

Best-in-class organizations are more likely (85%) to have an executive or team with primary ownership of IT GRC initiatives than average (55%) or laggard (49%) organizations.

Best-in-class organizations were nearly twice as likely as average or laggard organizations to employ a hierarchy of accountability with defined channels for escalation and issue resolution.

Only 31% of laggards regularly perform IT vulnerability assessments, while 70% of best-in-class organizations do so.

Only 29% of laggards regularly perform IT risk assessments, while 59% of best-in-class organizations do so.

Only 24% of laggards have standardized analysis and reporting for IT compliance, while 61% of best-in-class organizations do so.

Fewer than half of all organizations (39% best-in-class, 31% average, 24% of laggards) fail to systematically eliminate root causes of risks.

Approximately 55% of best-in-class companies, 29% of average organizations and 24% of laggards cross-map IT policies, objectives and process frameworks.
