Compliance 360 has compiled a list of GRC industry predictions for 2011. Topping the list, corporate boards will shift their focus from survivability to implementing and enhancing corporate risk management programs. With the brunt of the economic storm currently abated, corporate boards are revisiting enterprise risk management (ERM) initiatives and validating those improvements with quantifiable measures.
1) Boards of Directors Returning to Risk Management: Boards are now picking up where they left off in 2007, before the economic collapse, focusing on managing and improving the business, rather than being consumed by keeping it above water. While the economic storm has abated, progressive organizations are still keeping a watchful eye on financial uncertainty and boards are driving initiatives to ensure that their ERM processes are rock solid and backed up by quantitative data.
2) Measuring the Effectiveness of Compliance Programs: With expanded regulations going into effect across various industries, organizations must not only show that they have a compliance program in place, but demonstrate that it is actually working. The regulatory scrutiny of compliance programs is shifting from a focus on policies, procedures and retrospective audits, to proactive measures of effectiveness and hard-lined results. This year, organizations will seek to implement robust measurement programs to report on and demonstrate the effectiveness of their compliance programs.
3) Increasing Focus on Third-Party Risk Management: In an effort to be more cost-effective, companies have outsourced business functions to third parties. But in contrast to the economic benefits, these companies must also contend with the potential for increased risk. While they can outsource many tasks, they can’t outsource responsibility, accountability and liability. The year ahead will see many companies adopting strict policies for better visibility and control over the supply chain and outsourced processes – proactively identifying potential risks, verifying that business partners are compliant, monitoring for changes that might create new risks and managing the remediation of incidents.
4) Convergence of Compliance and Audit as Integrated Processes: As we start 2011, the convergence of compliance and internal audit is becoming the rule rather than the exception. Very few organizations are investing in internal audit solutions without considering the inherent links and overlaps with their compliance programs. One without the other, or each implemented in disparate silos, creates the possibility of blind spots. This line of thinking follows the “cockroach theory”: In the same way that seeing one cockroach in a restaurant is usually an indicator that many more remain unseen, one gap in a compliance program can have the same impact with regulators and cause them to look even closer into an organization. Forward-thinking companies realize that their internal audit and compliance programs can complement one another and help protect the business for the long haul.