According to a recent Gartner report*: “The global economic downturn is widely blamed on poor corporate governance, regulatory oversight and risk management. This perception, whether accurate or not, will likely drive intensified demand for more comprehensive and timely regulatory supervision and reporting, as well as technologies to ensure effective risk management and compliance.”
The report found that: “Governance, risk management and compliance remain poorly understood; however, an integrated approach to these disciplines is increasingly recognised as a critical undertaking for enterprise IT leaders.”
Governance, risk management and compliance remain poorly understood.
Gartner
It further found that: “The deepening worldwide economic crisis - which is blamed, at least in part, on failures of government regulatory oversight, corporate governance and risk management - is focusing more intense attention on these disciplines and the technologies that can support them.”
Further, it says: “A broader, more integrated international framework for risk management is likely to emerge as a result of perceived regulatory and governance failures.
“Governance,” it notes, “is the process by which policies are set and decision-making is executed.
“Risk management is the process for ensuring that important business processes and behaviours remain within the tolerances associated with those policies and decisions, going beyond that which creates an unacceptable potential for loss.
“Compliance is the process of adherence to policies and decisions.
“All three of these processes are of increasing concern to IT and business decision-makers, especially as the ongoing worldwide economic crisis continues on its unpredictable path. Technologies are already available that can help deliver significantly improved governance, risk management, and compliance processes and practices, but deployment will be made much more difficult by ongoing resource constraints. Regardless, regulators and other stakeholders are going to [propose] initiatives that will require more investment in automation to improve these processes and make information on risks and performance more broadly and quickly available.”
Getting serious
Gartner's strategic planning assumption for this sector is that, by 2016, global networks of regulatory authorities will require real-time reporting against international standards for risk management and financial reporting.
The author had the following recommendations to make:
1. Recognise that increasing regulation and scrutiny will make developing a governance, risk and compliance (GRC) architecture and road map even more important.
2. Make business analysis and risk management a required component of professional development planning.
3. Improve accountability, transparency, and measurability through process improvement, control automation and the use of governance frameworks.
4. Explore the integration of business analytics, Extensible Business Reporting Language (XBRL), and corporate performance management into IT GRC management software and enterprise GRC platforms to facilitate better IT, finance and corporate governance with more timely and valuable information.
“During this period of widespread economic upheaval, enterprises should recognise the importance of developing a GRC architecture and roadmap in an environment in which regulation is increasing and timeliness and accuracy of reporting will be under greater scrutiny,” the report concludes.
* Report courtesy of Gartner, information sourced from: The Worldwide Economic Crisis Will Bring Real-Time Reporting for Risk Management, French Caldwell, 9 February 2009.
Share