NAVEX, the leader in integrated risk and compliance management software, today announced the publication of its inaugural 2023 State of Governance, Risk and Compliance Management Report. The data, based on a commissioned study conducted by Forrester Consulting on behalf of NAVEX, exposes the major obstacles governance, risk, and compliance (GRC) decision makers face as well as the gaps in GRC maturity, data, and organizational management. Nearly all 300 industry leaders surveyed at European and North American organizations think artificial intelligence (AI) could improve the performance of their GRC programs.
An effective GRC program should analyze data in a way that enables prediction and mitigation of potential business risks. Given the increasing complexity of both business challenges and regulatory requirements, risk management programs must become increasingly digitized and automated. The next logical step is to incorporate AI tools, said A.G. Lambert, Chief Product Officer at NAVEX. This research shows that mature GRC programs emphasize automation and the holistic integration of data; with several business functions contributing to and deriving insights from it.
Forrester Consultings data suggests a strong GRC program is important to meeting todays top business goals. While the trend of integrated GRC is a big buzzword right now, its analysis and insights are still highly manual and hindered by data silos. A comprehensive, integrated AI-powered system to view, analyze, and report on GRC data will empower organizations to break down these silos, analyze data more effectively, and automate control monitoring and compliance review.
- GRC program obstacles
Although many respondents indicate they are moving towards implementing a comprehensive, enterprise wide GRC program, more than one in three reported facing several obstacles. Namely a lack of financial resources (37%); lack of common understanding of organizational risk (37%); and lack of cross-functional accountability (36%).
- AI to play a crucial role in GRC programs of the future
Nearly all respondents (98%) said they believe AI could improve the performance of their GRC program as it is seen as an enabler of operational improvements. The top two use cases, each highlighted by 55% of respondents, were: incident management data collection and efficient integration of relevant risk and compliance data into reports.
Predictive AI will empower organizations and GRC programs to break down data silos to drive more efficient and timely data analysis. However, the survey findings indicate that most organizations are somewhat hesitant to adopt AI, with 57% expecting to incorporate some aspects of AI into their GRC program in the near future. The vast majority, (92%) said they believe AI will be incorporated to some degree into GRC program management, in the next one to three years.
- Data analysis leaves room for improvement
Asked to describe the level of technological/digital maturity of their organizations program, 64% responded either significantly or comprehensively automated. Yet, when asked how the data used in the GRC program is integrated for the purpose of analysis, only 26% said their organization has automated systems where data is collected, integrated, and stored. This suggests that many programs even those that are sophisticated in the collection of GRC data have room to mature in putting that data into practice.
More than 8 in 10 respondents reported that their organization faced one or several challenges in data collection, storage, analysis, or reporting. Nearly half of respondents (47%) cited legacy tools and technology with limited functionality and integration capabilities as among those challenges.
- Digital transformation and GRC program centralization
GRC programs that were described as significantly or comprehensively automated are more likely to be managed by a single department compared to GRC programs that have not undergone a digital transformation (45% versus 28%). This finding indicates that the more digitized a GRC program is, the more centralized it is and, thus, the more mature the program.
Forty one percent of respondents said, responsibility is spread across multiple functional areas, but the data is collected, analyzed, and reported by one department. Another 39% revealed that management of the overall GRC program is within a single function/ department (e.g., compliance, legal, HR). While 20% said responsibility is spread across multiple departments and geographies, and that data is analyzed and reported separately.
GRC is a strategic business enabler, providing executives with a comprehensive, actionable view of risk and risk mitigation. Yet, the majority of those surveyed for this report said their access to GRC data is fragmented, making it difficult to gain a holistic view of the organizations risk management challenges and successes said Carrie Penman, NAVEX Chief Risk & Compliance Officer. Organizations that successfully identify, integrate, and analyze GRC-relevant data from across the business will gain insight that will empower them to drive distinct competitive advantage.
To learn more, download the full report here.
About the 2023 State of Governance, Risk and Compliance Management Report
NAVEX commissioned Forrester Consulting to survey more than 300 GRC program decision makers at North American and European organizations. Respondents represented organizations from 1,000 to more than 20,000 employees and spanned industries including retail, travel and hospitality, manufacturing, business services, education and non-profit, financial services and insurance, and healthcare.
The NAVEX data science team looked at primary incident management benchmarking metrics for customer organizations using the NAVEX One platform. In addition to data analysis by customers that incorporated either one additional service (for a total of two) or more additional functions (a total of three or more) on the platform. For the three cohorts in this study, organizations had roughly the same mean number of employees, at around 15,000.
NAVEX is trusted by thousands of customers worldwide to help them achieve the business outcomes that matter most. As the global leader in integrated risk and compliance management software and services, we deliver solutions through the NAVEX One platform, the industrys most comprehensive governance, risk and compliance (GRC) information system. For more information, visit NAVEX.com and our blog. Follow us on Twitter and LinkedIn.
View source version on newsdirect.com: https://newsdirect.com/news/navex-research-reveals-ai-will-improve-grc-programs-836494971
Disclaimer: The views, suggestions, and opinions expressed here are the sole responsibility of the experts. No Sahyadri Times journalist was involved in the writing and production of this article.