2012 GRC Maturity Survey

Monday, 18 February 2013

OCEG recently released the results of its annual GRC Maturity Survey. The survey had 505 participants, most of them from the Risk, Compliance, Internal Audit and Governance functions.

The survey is quite interesting; we highlight the following results:

Are performance management activities in your organization integrated to provide a clear view of enterprise-wide performance?

Integrated or harmonized only for some businesses or types of risk 46.7%
Not integrated or harmonized; remain siloed 28.3%
Integrated or harmonized across all businesses 25.0%

What best describes the current level of integration between your processes for governing, assuring and managing performance, risk and compliance (commonly called GRC)? 

We have established some consistencies in the ways that we address these activities across different areas of concern 56.9%
We are mostly inconsistent in how we address these activities across different areas of concern  30.5% 
We are widely consistent in the ways that we address these activities across different areas of concern 12.6%

Is your organization adversely impacted by redundant or inconsistent processes for governance, assurance and/or management of performance, risk and compliance?

Yes, adversely impacted 47.1% 
No, not adversely impacted 36.0% 
I do not see redundancy or inconsistency of processes in my organization 16.9%

Is there greater GRC integration in your organization today than there was three years ago?

Yes, somewhat more 53.8%
Yes, substantially more 24.5%
No, but it is planned 14.3% 
No, and we have no current plans for change 7.4%

Where your organization has integrated processes for governance, assurance and/or management of performance, risk and compliance (GRC), the results have:

Provided benefits that met expectations 73.1%
Failed to meet expectations 9.9%
Provided benefits that exceeded expectations 17.0%

Beneficial outcomes of integrating GRC processes across silos in our organization have included (select all that apply):

Reduced gaps in risk and compliance processes 60.4% 
Reduction in redundant or duplicative activities 42.4%
Greater ability to repeat processes in a consistent manner 39.6% 
Greater ability to gather information quickly and efficiently 38.8% 
Greater ability to present consolidated, meaningful information and analyses to the board and senior management 37.6% 
Reduced impact on operations from siloed and uncoordinated risk assessments 34.6%
Reduced costs of GRC processes 20.5% 
We have not integrated any GRC processes 19.5% 
Reduced impact on operations from siloed training on compliance requirements 18.9% 
Other 2.8% 
None of the above 1.6%

What are the greatest barriers to improving an integrated GRC approach in your organization?

Lack of champions 40.8% 
No established strategy for integration efforts 39.6%
Inability to secure program/department cooperation 34.8% 
Lack of a compelling business case or method to demonstrate ROI 34.6% 
Belief it is too complex to undertake integration 31.6%
Information technology not aligned with GRC needs 26.0% 
Not knowing how to start 16.6% 
Other 7.8% 
None 5.0%

What negative effects result from lack of integration of GRC activities in your organization?

Inability to gain a clear view of risks on an enterprise-wide basis 57.1% 
Difficulty and time for consolidating and conforming disparate data 53.7% 
Failure to effectively understand compliance and operational risks 53.1% 
Inability to measure effectiveness of efforts 49.1% 
Duplication or redundancy of efforts 48.9%
Inability to measure and control performance (efficiency, responsiveness, flexibility) of risk and compliance efforts 47.1%
Difficulty of maintaining accurate data 38.1%
Unreliable or unreconcilable risk assessment results 37.1%
Failure to provide governing authority with needed information to support decision-making 34.1% 
None of the Above 5.2% 
Other 3.2%

Negative effects from failure to integrate GRC in our organization give rise to:

Increased general operating cost 48.9% 
Increased data management cost 40.7% 
Increased personnel cost 38.3% 
No quantifiable costs 22.0%
I do not know 20.0% 
Reduced margins 18.0%
Higher cost of capital 12.8% 
Higher supplier costs 11.8% 
Less available or more expensive insurance 8.8% 
Other quantifiable costs 2.8%

Who in your organization is responsible for leading strategy around integrating GRC processes?

Chief executive officer 18.7%
No one, we are not developing strategy for GRC integration 17.9%
Chief risk officer 17.6%
Other 13.5%
Chief compliance officer 11.5% 
Chief finance officer 10.7% 
Chief audit executive 5.5%
I do not know 4.7%

Does your organization have a management level committee to address integration of GRC enterprise-wide?

Yes 30.4% 
No 34.6% 
No but we are planning to do so 14.6% 
No and we have no plans to do so but it would be a good idea 14.8%
I do not know 5.6%

Click here to access the survey results.