According to a recent Economic Intelligence Unit/KPMG survey, ‘A good offense is the best defense’, many companies find it difficult to keep pace with the rate of new regulations and compliance. As a result, a frequent response to a new regulatory requirement is to add an extra process or function, an ad hoc approach that may address the immediate issue but can lead to overlapping responsibilities, inconsistent processes, and duplicated efforts and costs.
Indeed, almost a third of the global executive respondents say that they spend more than 6% of their organization’s annual revenues on governance, risk, and compliance (GRC) activities. There is also near-universal agreement that the cost of these activities is rising. Over the past two years, 89% say that the cost has increased, and 84% expect it to grow further over the next two years.
Regulatory reform is beginning to reshape many industries. Organizations will need to maintain a dual focus on business performance and regulatory compliance in an environment in which both outcomes must be managed strategically and with agility. Industry leaders will need to strengthen their approach to measuring, managing, and mitigating risk. Organizations will also need a disciplined process for managing the entire spectrum of risks more effectively.
One way to manage regulatory compliance proactively is to prepare for new regulations rather than react to them. A holistic approach to GRC facilitates a proactive stance by bringing both complex and disparate risk and compliance activities into alignment with corporate strategy and improving the efficiency and effectiveness of those activities.
GRC can be defined as a strategic approach to integrating risk management, regulatory compliance, controls, and assurance structures and processes, supported by the intelligent use of IT and data management structures and by a strong organizational culture.
A GRC strategy that is well planned and executed can significantly simplify processes, reduce costs and ease the compliance burden associated with increasing regulations and public policy.