Governance: Today’s Solutions Go Underutilized
GRC refers to an organization’s global approach to Governance, Risk Management and Compliance. But GRC is much more than this relatively simple definition. Paul Proctor, an analyst at Gartner, writes that “when it comes to GRC technologies we have to define some boundaries or essentially GRC is everything and everything is GRC.”
GRC has additional categories that need to be considered. A recent survey by the nonprofit Open Compliance and Ethics Group (OCEG) found the top 10 spending priorities for GRC are:
GRC Category | Percent of Respondents |
---|---|
Risk Management | 33% |
Compliance Management | 30% |
Audit Management | 23% |
Automated Controls | 21% |
IT Risk and Security | 21% |
Policy and Training Management | 19% |
Business Continuity | 12% |
Reporting and Disclosure | 12% |
Third-party Management | 10% |
Fraud and Corruption | 10% |
It’s often hard to keep up with the requirements. Osterman Research reports that US Federal agencies, for example, publish 14.7 final rules and 9.4 proposed rules every work day.
The OCEG report also found that half of organizations said that the GRC technology they deployed is underused.
Michael Rasmussen, Chief GRC Pundit at GRC, said that “this is likely due to the siloed nature of technology usage… The majority of GRC solutions being used are stand-alone department or issue-focused solutions which comports with earlier finding that less than 20% of spend is on enterprise technology that spans across departments in the organization.”
Carole Switzer, OCEG President, said that “one of the most striking findings is that the 70% of survey respondents recognize that the GRC technology currently deployed in their organizations does not meet their current needs, and this has led to two-thirds planning to increase their spend on GRC technologies to improve their use in the near future.”
Another interesting fact is that much of the technology used to manage GRC is ad hoc or unsophisticated. Slightly more than half of organizations simply use spreadsheets, emails and office documents. Seventeen percent of organizations use custom-built software, and 30 percent use commercial GRC-specific applications.