By Carrie Burns

Doing more with less seems to be a way of life and business in these economic times. Respondents to a governance, risk management and compliance survey agree. GRC managers from a broad range of market segments including financial services, insurance, health care, life sciences and manufacturing, say that growth in mandates has led to a resource shortfall they characterized as either "critical," "serious" or "significant."

AXENTIS polled 188 GRC managers to gain insight into the growing awareness of the importance of business risk as a driver of corporate compliance management activity. The survey results revealed that GRC managers do consider risk a useful metric for prioritizing resource allocation, but risk is not always measured accurately or consistently.

Only about one-quarter of respondents claimed to have a formal process in place for assessing risk. Others depend on business managers or "ballpark" estimates. Twenty percent had no clear means of assessing risk at all. This lack of a consistent, accurate means of measuring compliance-related risk is a major inhibitor of risk-driven compliance management.

"The bottom line is that companies will have to respond to increasing mandates with reduced resources," says Steve Lindseth, CEO and founder of AXENTIS. "To be successful, companies will eventually have to establish an efficient, risk-based compliance culture throughout their enterprise or risk the consequences. Technology can allow any company to start small, prove the approach works and then extend the solution, with little marginal effort, to the long list of compliance risks they face."

Another report echoes the need for better GRC tools and processes. "Continuously Compliant: Ensuring Proactive, Comprehensive Compliance" from Aberdeen Group Inc. contends a greater investment in GRC tools is a necessity given the expected push toward closer regulation of all financial services industries, including insurance.

The Aberdeen report says that an effective GRC solution is less a tool than a set of them including authentication tools, identity and access management tools, network access controls and application analysis tools.

The report also stresses the need to establish capabilities including a clear hierarchical accountability for compliance activities to achieve established objectives and goals, and also to identify an executive responsible with primary ownership of compliance program.

This article was originally published on InsuranceNetworking.com.

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access