Compliance

Governance, Risk, Compliance and You: A Study of Financial Executives and their Priorities


by FEI Daily Staff

While GRC is a key priority for many companies, many executives are failing to execute.

The finance department is, by its very nature, concerned with risks. From investments to resource allocation and (finance) operations, CFOs have opportunities passed to them for review daily, with the task of evaluating whether the best-case scenario is worth betting against the worst case.

Executives who are directly responsible for governance, risk and compliance (GRC) within their organizations are especially aware of this dynamic. New technologies, regulations and complications seem to arise daily.

Yet while GRC is a key priority for many companies, a new study by SAP in partnership with Loudhouse Research indicates that many executives are failing to execute.

One of the most shocking numbers to come out of the research is that only 10% of the over one thousand finance executives interviewed claimed they were satisfied with the GRC processes, technologies and tools they have in place. Similarly, only one in ten believed that their company was at a stage where GRC was satisfactorily embedded across the organization, with managers sharing a balanced view and common metrics across all projects and processes.

It’s time we all took a cold, hard look at the statistics and what they mean for our industry, and took the steps to correct GRC noncompliance before it comes back to bite us.

Numbers Don’t Lie

Industry-wide Uncertainty

According to the study, 57% of executives surveyed are more concerned with external risks, while the remaining 43% believe that internal risks should be the focus.

Overall, those surveyed said that control failure (42%) and competitive forces (41%) are the biggest risks to organizations over the next 24 months. Financial and economic issues (36%) and employee performance (36%) follow on the heels of those concerns, with consumer behavior trailing behind (35%). However, 65% of respondents said that their organization couldn’t fully quantify or qualify their current risk exposure.

When taking a look at your internal risk, you should also include fraudulent activities, non-regulatory compliance (e.g. supplier contract vs. invoice) or even financial risk coming from systematic issues like contract enforcements.

Fragmentation Within Departments

The participants also painted a troubling picture of super-fragmentation within companies and departments, with 67% saying that they use department or even issue-specific solutions, meaning only one-third of respondents had a unified technology platform to manage GRC processes. With numbers and guidelines decentralized, it can be impossible to know what needs to be done until it’s too late.

This number is corroborated by almost half (38%) of respondents saying they have experienced a lack of visibility and integration of frameworks, with many spending significant amounts of their time reconciling documentation and reporting. More than a third were unsure how to access necessary data.

The final clincher on the importance of reform for GRC technology? Respondents claimed to spend 59% of their time on administrative tasks, with only 41% dedicated to strategic input. Think of the number of high-quality, productive hours of highly intelligent, highly educated professionals lost to spreadsheets and easily avoided busy work, and then come back and convince me that this isn’t important. In order to acquire and keep talent, you had better ensure that they can focus on proactive GRC rather than administering tools or crunching spreadsheets.

If I Look Back, I Am Lost

Currently, organizations are generally reacting to GRC issues, instead of avoiding them. Over a third (34%) find that current processes and systems place too great a focus on the past, rather than strategic planning in an effort to avoid problems altogether.

Less than half of an organization’s GRC data is utilized for future strategic goals. As only half of surveyed organizations had even reviewed their GRC processes or technology for at least three years, many of these issues can be attributed to outdated and ineffective technology. The bottom line is that antiquated systems waste time, waste effort, and put the company as a whole at risk. With 75% of respondents globally (90% of US respondents) agreeing that GRC practices are due for an overhaul, it’s likely your team agrees.

How to Fix It

While the results of the study are a bit harrowing for GRC professionals – and finance professionals in general – it’s important to know that all hope is not lost. There are steps that can and should be taken to correct these issues, so that your own business can grow and move forward with confidence.

  1. Make a case for the strategic value of GRC to not only the finance team, but the rest of the company and the board. With most citing lack of support as a leading cause for poor GRC tools and technology, campaigning for an overhaul to the right people is a huge part of winning the battle.
  2. Make a decision about who’s responsible for ownership of the GRC function, and make sure they’re prepared to be the point person for questions.
  3. Seek a holistic, future-proof solution whose architecture allows GRC to integrate into your ERP system and the management tools your business uses, and to scale and map to the brand as it evolves.
  4. Drive cultural awareness and change within your organization as a whole – when every employee knows what GRC is and why it matters to both the company and them personally, your job will become much easier.
  5. Do it now. Some say that the best time to plant a tree was fifty years ago, and the second best time is now. I say that the best time to make sure your company management tools are effective, robust and integrated was when you opened the business, and the second best time is now.

Henner Schliebs is vice president and head of Finance Audience Marketing at SAP.