SOX News
Investment in Risk-Based Compliance Can Make GRC a Reality: Survey
(Nov 26, 2007) -- The lack of a single point of ownership and accountability seems to be a major roadblock to a successful Governance, Risk and Compliance (GRC) strategy, but an overwhelming majority of public company executives remain committed to implementing a GRC plan in the near future despite organizational challenges. Approva Corporation, the leader in continuous controls monitoring and audit automation software, recently conducted a state of the GRC industry survey to examine public companies' perception of the three-lettered acronym that is gaining traction in the boardroom. More than 200 respondents from publicly traded companies responded to the Approva GRC survey. Respondents included internal and external auditors and IT, finance and compliance professionals, with nearly 60% representing companies with one billion or more in annual sales.
As expected, lack of executive ownership, limited coordination among functional groups and pallid funding remain problematic. However, the majority of those surveyed have a governance, risk and compliance plan in place.
"Battle-worn from the years of implementing Sarbanes-Oxley programs, compliance groups now understand how to make governance, risk and compliance a reality out of existing and future investments," said Prashanth "PV" Boccasam, CEO of Approva. "The majority of the respondents are using or plan to use commercial software to automate compliance efforts and realize the value of extending corporate investment towards a well governed risk management process. Enterprises are now starting to understand that good governance translates into good business."
Key Findings Include:
-- 56% have a GRC strategy in place, with 84% believing that governance, risk and compliance should be viewed holistically
-- Nearly half are using or plan to use a commercial software solution to automate compliance efforts
-- 59% of respondents believe the lack of a single point of ownership and accountability is the biggest challenge to implementing a GRC plan within their company
-- 82% of respondents believe that ease of use is a key factor in evaluating GRC software
"There needs to be a paradigm shift in how companies transform the benefits realized from their Sarbanes-Oxley investments to a more long term risk-based approach to governance and compliance," said Scott Mitchell, CEO, Open Compliance and Ethics Group (OCEG). "The first step towards employing a GRC strategy to drive business performance is to get the right people in the room to speak the same language, and that's the challenge most companies are currently dealing with."
"With more than five years of Sarbanes-Oxley compliance under our belts, public company CFOs have now learned how to effectively address regulatory requirements, obtain executive sponsorship for major initiatives and realize business benefits from controls," said Michael P. Cangemi, CEO of Financial Executives International (FEI), the professional association of choice for senior financial management and reporting best practices. "The next level in corporate governance is to align the CFO, CIO and CSO organizations to join hands as partners in GRC."
"The landscape is too complicated with too many silos," said Paul van Kessel, partner of Ernst & Young (E&Y). "Over the last five years, companies made huge progress in managing their financial and related IT risks. The focus is now on two related topics. First: decrease the cost of compliance by elimination, simplification, standardization and automation of controls and second: integration of the financial risk management frameworks and approaches with enterprise risk management and business improvement initiatives."