Why Risk Professionals Need More IT Support
The majority of surveyed governance, risk and compliance pros said they cannot fully quantify or qualify current risk levels due to a lack of tech tools.
65% of surveyed GRC professionals said their organizations cannot fully quantify or qualify their current risk levels.
Only 21% of those surveyed describe their current technology as “extremely” effective in supporting continuous risk monitoring, and two out of five consider their current tech as being “not particularly” effective.
Survey respondents said they only capture and use just 46% of GRC data that they have access to.
56% of these pros said they capture and use no more than half of any available Internet of things data to support GRC.
61% said they capture and use no more than half of available email, spreadsheets and document data to support GRC.
54% said tech tools which would allow for continuous monitoring of internal and external data would drive increased effectiveness, while 43% said it would capture more areas of risk.
45% describe their organizations’ approach to GRC as “fragmented and largely reactive” with separate teams dealing with these issues, and only 11% say GRC is embedded at all organizational levels with common metrics throughout all processes and projects.
54% said they’d like to devote most of their time to providing strategic input to business to drive decision-making, but only 41% actually do this. Nearly three out of five spend most of their time on administrative/transactional tasks instead.
49% are concerned about increasing risk/regulatory complexities, and 47% admit that they’re challenged by an increased appetite from business for visibility/insight into effectiveness of controls/compliance.
44% are challenged by the need to reduce GRC costs, and 43% are concerned about a business focus on the consistency and quality of GRC information.