Risk management is the most important part of an organization’s governance, risk and compliance program (GRC), according to a survey. When asked to forecast priorities, 33% of respondents stated that enterprise risk management is most important and 27% said ERM would continue to be important to their company. Out of 12 barriers to their GRC goals, organizations identified a lack of resources (52%) and lack of collaboration and cooperation (44%) as their top obstacles.
Courtesy of: CAREWeb
With 33% saying Risk Management is the most important it clearly shows too much focus on Governance & Compliance. Governance + Compliance = Value Protection whereas Risk Management = Value creation. We will only get it right if Risk Management is independent and value driven. When the focus is compliance you will “tick-the-box” at the end, if the focus is risk management you will build an effective risk culture and ultimately achieve sustainable competitive advantage.
@ Risk Culture Builder I do agree with you that independence and value will be key in getting this right. It will seem to some of us that this is best achieved through the continued improvement in GRC Technology. One can reliably confirm that SAP has done a good job of this.