This is where governance, risk, and compliance (GRC) comes into play. The idea is that GRC can be architected and integrated so that it becomes the DNA of your organization’s operating model. The proof that the market is (and has been) shifting toward this type of integration, which requires a higher level of maturity, is in the 2015 OCEG GRC Maturity Survey: “75% of respondents say they have some level of GRC standardization and integration across their organization. Of those with integrated GRC strategies, 74% state that integration provided benefits that met expectations” [1].
Achieving this level of integration depends largely on your organization’s risk management and governance maturity. SearchCIO published an article titled “The GRC Maturity Model and Value Proposition,” which notes that “top-performing organizations have begun to combine GRC into an integrated set of standards, policies, guidelines, and procedures and tools that are in many respects similar to how we have historically integrated the disciplines of finance and accounting, or marketing and communications, or programming and testing” [2]. The author, Harvey Koeppel, goes further and points out what Gartner defines as the four stages of GRC maturity, where the early stages are “tactical in nature” and the later stages are more “proactive”:
Is your organization on the path to becoming more proactive with how you’re managing GRC? Research such as the 2015 OCEG GRC Maturity Survey serves as a barometer to measure how you are progressing in your GRC practice compared to your peers, and it also serves as a guide to help you on your journey to incorporating GRC into the DNA of your organization.
We invite you to visit OCEG’s website to download a copy of the OCEG 2015 GRC Maturity Survey.
In the survey, one of the most striking results is illustrated below:
It seems to demonstrate that an integrated approach to orchestrating GRC functions makes it easier to link risk and performance, risk management and audit plans, and so on. In other words, it makes it easier to provide management and board members with risk-aware business performance management best practices.
Integrating the GRC functions means making sure they can work collaboratively with the same end in mind. To do so, mature organizations generally adopt a holistic, integrated GRC platform approach when they contemplate acquiring a GRC software solution.
* * * * * * * * * * * * * * * * * * * * *
1. 2015 GRC Maturity Survey – OCEG – www.OCEG.org – © 2015, all rights reserved.
2. Harvey Koeppel, “The GRC Maturity Model and Value Proposition” – SearchCIO.com/TechTarget – www.searchcio.techtarget.com.