How Governance, Risk and Compliance Professionals Embrace the Transformation in the Age of Complexity
Your business is sailing through perilous financial waters on a finely crafted ship with all the most salient success factors. However, two looming threats could very quickly sink your operations: the risk of drifting out of compliance with regulations and the risk of moving too slowly as competitors seize your market share.
The simple truth is the majority of enterprises underway today are not adequately prepared for the complexity they must face in the market. Ninety percent of governance, risk and compliance (GRC) execs are unsatisfied with the tools, technologies and processes they use currently to navigate these treacherous waters. That’s one of the most striking revelations from a new survey on corporate risk and opportunity, conducted by Loudhouse Research and sponsored by SAP in the summer of 2015.
The Two Dangers
Execs pegged their number one and two threats to smooth financial sailing as competitive forces (42%) and control failure (41%). The difference between the two is statistically insignificant, yet they represent the two biggest challenges of staying afloat amid a sea of new regulations and financial turbulence.
The conclusion? Each enterprise must find a way to adjust the rigging and pursue original competitive advantages vigorously. At the same time, the enterprise must steer clear of GRC hazards multiplying beneath the surface.
The Consequences of Failure
GRC execs identified the top consequences of a lapse in attention as loss of business and revenues (45%), damage to brand reputation (42%) and business disruption (37%), followed closely by protracted lawsuits (32%) and the imposition of financial penalties (31%). Bracing for these threats requires the enterprise to batten down the hatches from a risk perspective and make sure all hands are fully on board with GRC priorities.
The equivalent of a red sky at night (a sailor’s delight) is a firm grip on the wheel of GRC. Three out of four execs said managing risk effectively can do wonders for profitability. Nearly two out of three (63%) said accessing a “single version of the truth” was crucial for propelling effective GRC decision making.
Three Lines of Defense
There are essentially Three Lines of Defense for GRC operations in the modern enterprise. The Three Lines of Defense model is increasingly used as a guide and is now widely accepted. In the financial sector, the model has become a dominant principle of governance and has been accepted as a best practice by federal banking regulators and the Basel Committee on Banking Supervision.
What are the Three Lines of Defense?
Line One: Control business operations, and control risks in business activities.
A steady hand at the wheel is not enough. Adequate management of risk and controls in the current financial environment requires automation and continuous monitoring. A business begins to own its risk the moment it acknowledges the scope of its most pressing threats and establishes a rapid response team.
Line Two: Assess entity-level risk, and manage compliance activities.
Once the dangers have been clearly defined, GRC professionals begin to classify, monitor and report on risk status across the enterprise. Control and compliance are the essential functional categories of this line.
Line Three: Provide independent assurance.
There is little room for course corrections. The precision needed to meet constantly shifting regulatory requirements is the province of automation, along with continuous risk-based auditing. The murky future can be revealed more clearly with insights from independent internal audits. GRC must ensure policies and processes are in place and applied consistently, or the enterprise will be exposed to unnecessary risk.
Sign up for this timely webcast, Tuesday, December 15th, 10 A.M. ET, to get started moving in a new direction. Take a deep dive into the new world of GRC, and chart your course for future profitability in an increasingly complex age.