The Convergence Evolution, a global survey of senior risk decision-makers, finds 50 percent of U.S. boards and 41 percent of boards globally are taking GRC very seriously, compared with just 13 percent in the United States and 10 percent globally among those polled prior to the recent financial crisis.
Management, Regulators Most Want Improved Convergence
In addition, respondents identified executive management (42 percent in the United States and 48 percent globally) and regulators (27 percent in the United States and 43 percent around the world) as the stakeholders exerting the most pressure on organizations to improve convergence of their GRC activities.
To ensure efficiency and effectiveness across departments, the survey found, leading companies are working toward a holistic – or converged – view, and adjusting the governance framework (such as board oversight) to better integrate business risk and compliance management.
This convergence approach can help minimize duplication of effort across the enterprise, yet prepare the company to adapt quickly to unforeseen circumstances, such as supply chain interruptions, IT failures or other disruptions.
Convergence at Early Stage for Most
“Organizations clearly are giving more prominence to integrating governance, risk and compliance activities, though most companies remain at a fairly early stage, confronted with issues such as the complexity of the undertaking and a lack of experienced executives in-house among the remaining key challenges,” said John M. Farrell, a partner at the U.S. audit, tax and advisory firm KPMG LLP and the Global Governance Risk & Compliance Leader.
Approximately 90 percent of respondents to the KPMG study found GRC costs had increased, an indication of the higher priority placed on GRC, but a potential tell-tale sign of opportunity to better coordinate managing these processes.
In addition, just 45 percent of U.S. respondents and 38 percent of global respondents said their organizations were effective at sharing information and resources across functions, and about a third of respondents said their companies were good at ensuring a consistent GRC approach across borders.
Just 7 percent of U.S. organizations and 9 percent of those globally say their GRC activities are fully integrated into their business strategies, the survey found.
Fragmented Approach Leads to Higher Costs
Deon Minnaar, a KPMG partner who leads the U.S. firm’s Governance, Risk and Compliance network, said, “This fragmented approach to GRC may provide some insights on why the costs of managing risk are rising. In our experience, convergence of governance, risk and compliance activity in an enterprise-wide, holistic program that is tied to corporate strategy can provide a much more efficient means of achieving effective risk management.
“As compliance needs grow with the ongoing release of new regulatory standards, corporate boards want assurances that senior executives are managing risk appropriately, and C-suite executives, in turn, increasingly have an eye toward bringing all associated processes under one roof,” Minnaar added. “Convergence provides an increasingly popular common-sense approach.”
Other highlights from the KPMG survey include:
- The increasing appetite in GRC is mainly driven by a desire to reduce risk exposure (54 percent in the United States and 51 percent globally) and the need to tackle overall business complexity (34 percent among U.S. firms and 35 percent globally).
- For 7 percent of U.S. organizations and 16 percent globally, governance convergence should result in long-term reduced costs.
- Forty-four percent of U.S. companies and 43 percent of organizations globally say they are effective at ensuring the quality and availability of data around GRC.
The survey involved polling of 177 respondents in June 2011 from a wide range of industries and regions, with roughly a third each from the Asia Pacific, Americas, and Europe, Middle East and Africa regions. More than half of the respondents represent companies with annual revenues of more than US$500 million. All respondents had influence over or responsibility for strategic decisions on risk management, and more than half of them were C-level or board-level executives.
About KPMG LLP
KPMG LLP, the audit, tax and advisory firm (www.kpmg.com/us), is the U.S. member firm of KPMG International Cooperative (“KPMG International.”) KPMG International’s member firms have 138,000 professionals, including more than 7,900 partners, in 150 countries.
KPMG is a global network of professional firms providing Audit, Tax and Advisory services. We operate in 150 countries and have 138,000 people working in member firms around the world. The independent member firms of the KPMG network are affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. Each KPMG firm is a legally distinct and separate entity and describes itself as such.