Date post: | 03-Jun-2018 |
Category: |
Documents |
Upload: | shanmugavelsankaran |
View: | 217 times |
Download: | 0 times |
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 1/83
An OCEG Benchmark on Current & Future GRC Technology Decisions
2014 GRC TECHNOLOGY STRATEGY SURVEYHOW ORGANIZATIONS APPROACH AND ADAPT THEIR TECHNOLOGY STRATEGY FOR GRC
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 2/83
About OCEG . . .
OCEG is a nonprofit think tank that helps organizations achieve
Principled Performance. We provide standards, resources and a hubaround which many professionals collaborate including: board members,
business executives and operators, risk executives, audit executives,
compliance executives, financial executives, IT executives, and HR
executives.
Our mission is to help organizations reliably achieve objectives while
addressing uncertainty and acting with integrity - this is Principled
Performance. We assist organizations in developing and implementing
GRC capabilities that enable Principled Performance by providing
authoritative resources for integrating the governance, assurance and
management of performance, risk and compliance. OCEG’s global
community exceeds 40,000 members and through collaborative effort
we continue to advance methods and measurements of success on the
path to Pr incipled Performance.
For more information go to www.OCEG.org or contact us at info@
OCEG.org
The OCEG 2014 GRC Technology Strategy
Survey was designed and analyzed by GRC
20/20 Research . . .
GRC 20/20 Research, LLC (GRC 20/20) provides clarity of insight into
governance, risk management, and compliance (GRC) solutions and
strategies through objective market research, benchmarking, training,
and analysis. We provide independent and objective insight into leading
GRC practices and processes, including market dynamics and intelli-
gence; risk, regulatory and technology trends; competitive landscapes;
market sizing; expenditure priorities; and mergers and acquisitions.
For more information go to www.GRC2020.com or contact GRC20/20 at [email protected].
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 3/83
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
3OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
Contents
INTRODUCTIONGRC Technology Impacts GRC Maturity
SURVEY DEMOGRAPHICSRisk, Audit, Compliance & IT Express Themselves
CURRENT STATEHow Organizations Currently Use GRC Technology
FUTURE STATEHow Organizations Plan to Use GRC Technology
IN SUMMARY
5 Key Takeaways
REFERENCESOCEG ResourcesOCEG GRC Solution Category Descriptions
OCEG GRC Solution Council MembersFul Survey Charts/Responses
Preface
If you’ve taken the time to read this survey, it’s likely you have a certain level of interest
in governance, risk management, and compliance (GRC). There’s no shortage of
information on the subject. An Internet search will throw up all sorts of tips, views and
best practices designed to help those responsible for these areas.
OCEG is the framework body for GRC. We advocate Principled Performance and
the role of GRC to enable organizations to reliably achieve objectives while addressing
uncertainty and acting with integrity.
This OCEG survey is focused on GRC technology strategy in understanding the use
of GRC technology in the current state of organizations and the planned future state
of where the organizations GRC technology architecture is headed. At OCEG we
want to see that GRC becomes part of your organisation’s DNA through the proper
implementation and use of GRC technology.
We hope this survey report provides you with some valuable insights.
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 4/83
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
4OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
Governance, risk management, and compliance (GRC) is something every
organization does — though not all do it well.. Every organization has some
approach to governing the organization, managing risk, and approaching
compliance with obligations such as regulations. It does not matter if an
organization uses the label GRC; the simple truth is every organization does
GRC in some form.
Some organizations have mature and structured processes and repor ting
on GRC that brings together an integrated and orchestrated view of GRCprocesses and information. Other organizations have fragmented approaches
where some aspects of GRC are more mature than others but fail to have an
overall coordinated strategy. For some organizations GRC approaches are ad
hoc and reactive.
The use of technology for GRC depends on organization strategy. Some
organizations look to develop an enterprise technology architecture (or
platform) for GRC. Other organizaitons lack an enterprise coordinated
strategy and have different depar tments going in different directions. Whether
at an enterpise level or a depar tment, GRC maturity depends on how well
GRC processes, information, and technology enable the organization to be
efficient, effective and agile to reliably achieve objectives [governance]
while addressing uncertainty [risk management] and acting with
integrity [compliance].
The proper selection and use of GRC technology is a primary factor in
measuring GRC maturity within organizations. From one perspective, we all
use technology in GRC. Pens and legal pads can be understood as technology
— at one point pens were high tech. Today, GRC technology is commonly
understood from the low-end of using documents, spreadsheets, and email
to manage GRC information, processes and reporting to the high-end of a
federated GRC architecture that integrates information and technology from
across the enterprise in an ecosystem of GRC processes and information
that works together as cogs in a machine automating GRC processes andreporting while providing accountability. There obviously is a wide range of
approaches in between.
OCEG’s 2014 GRC Technology Strategy Sur vey takes aim at understanding
organizations current use, planned future use, strategy, and satisfaction with
their use of technology to support GRC within their organizations.
Michael Rasmussen
OCEG Fellow & Co-Chair of OCEG GRC Solutions CouncilChief GRC Pundit & Analyst @ GRC 20/20 Research, LLC
[email protected] / [email protected]
INTRODUCTION
GRC Technology Strategy Impacts Maturity
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 5/83
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
5OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
A Word From Our Survey Sponsors
ACL delivers technology solutions that aretransforming audit and risk management.
“The survey shows that strategy for GRC is
changing and why it is such an incredibly exciting
and opportunistic time to be a GRC professional.
Four mega-forces in technology for GRC were
screamed out loudly by the survey results: cloud,
mobile, design, and data. It’s clear that those
affecting major change in their organization’s
approach to GRC are making applications
powerful and collaborative with the cloud,
extending their reach through mobile, driving insightand decisions using objective truth as manifest in
the organization’s data, while ensuring software
empowers (not frustrates). We are so proud to be
a part of ushering in this change in GRC, through
technology.”
Dan Zitting, VP of Product Mgmt & Design, ACL
Convercent enables an effective complianceprogram with integrated management,
mitigation and monitoring of compliance risk.
“The results of the survey provided a clear
indication that the world of GRC technology is
primed to leap forward in delivering GRC program
effectiveness that’s both measurable and innovative.
Too many organizations have a well-designed GRC
program but lack the ability to apply it in a scalable
way or to easily demonstrate its effectiveness, in
large part because the technology, a critical enabler
of an effective GRC program, is missing. We believethat the market is not only ready, but clamoring,
for easy to-use-technology that is well designed
and integrated, complete with native analytics and
reporting. This sur vey validated that belief. We’re
excited to be part of the journey.”
Michael Kleef, EVP of Marketing, Convercent
MetricStream delivers solutions for GRCand Quality Management Solutions for global
corporations.
“MetricStream helps clients adopt a federated GRC
architecture that aligns with business functions and
adapts as their environment changes. As the survey
demonstrates, GRC technology has advanced so
much that it can seamlessly connect processes,
systems, and departments across the global
enterprise. It can capture information from across
functions and systems, and aggregate this informa-
tion to decision-makers to successfully manage riskand make decisions. As organizations realize these
benefits, they are transforming their GRC technology
strategies, and we are delighted to be part of this
GRC Journey that our customers are on.”
– Vinay Bapna, Associate VP of Marketing,
MetricStream
The 2014 OCEG GRC Technology Strategy Survey is made possible through the support of the entire
OCEG GRC Solutions Council and particularly the following survey sponsor members:
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 6/83
SURVEY DEMOGRAPHICS
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 7/83
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
7OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
Risk, Audit & Corporate Compliance/Ethics Top Responders
The 2014 OCEG GRC Technology Strategy Survey had 273 respondents that fell across
a range of industries, geographies, and roles/departments in organizations.1
GRC happens within departments and across the enterprise. From a departmentperspective, GRC roles look to technology to assist them in managing GRC from adepartment perspective. An enterprise GRC perspective involves a GRC strategy,process, information and technology architecture that spans across departments.
The three primary roles responding to the survey (68% of responses) are riskmanagement (25%), audit (22%), and corporate compliance/ethics (21%). These roles,combined with IT and Security, make up the most common roles that OCEG and GRC
20/20 see in enterprise technology strategies for GRC.
What is interesting to see is the 5% of respondents who define themselves as aCentralized GRC Group/Architecture role. This role is only about two years old andalready seeing strong growth in organizations tasked to build and deploy informationand technology architecture for enterprise GRC.
1 Te OCEG 2014 GRC echnology Strategy Survey also surveyed professional service firms and GRC technology/solution providers. Te results in this report are just thosefrom those that purchase and use GRC solutions within their environment and do not include professional services firms or solution provider responses.
Risk Management Audit Corporate Compliance/Ethics Other GRC Roles
25% 22% 21% 32%
Other Roles Include . . .Information Technology (9%)
Centralized GRC Group/Architecture (5%)
Security (5%)
Business Management/Executive (5%)
Business Operations / Logistics (2%)
Finance / Accounting (2%)
Vendor/Supplier Management, Research,
Corporate Social Responsibility, Legal (4%)
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 8/83
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
8OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
Equilibrium of GRC Operational & Decision-Maker Roles
Other
Professional
Manager
Executive
Senior Vice President
Vice President
Director
51% were
Managerlevel andbelow
49% wereDirectorlevel andabove
3%
20%
28%
6%
7%
12%
24%
The survey results showed a nearly even split between GRC roles that were director
level and above (49% of respondents) with those that were manager level down intoprofessional/operational GRC roles (51%). This represents a balanced perspective onGRC technology strategy between decision makers and those using GRC solutions aspart of their daily GRC operational roles.
Often the perspectives on GRC technology can vary between the decision-makers(purchasers) of GRC technology and the manager/operational GRC roles that use thetechnology throughout every day. Having this evenly distributed balance of respondentsprovides an equilibrium to the survey results.
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 9/83
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
9OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
Distributed Organization Structure, Size & Industries
Organizations responding represented a distributed balance of size and structure. A
variety of industries were represented in the responses with financial services havingthe strongest representation.
40.3% oforanizationsresponding werefrom publiclytradedorganizations
11.6% oforganizationsresponding werefrom governmentorganizations
9.7% of organizationsresponding were fromnon-profit, educational, orstate-owned organizations
38%38.4% oforganizationsresponding werefrom privatelyheld organizations
40%
10%
12%
13.3% of oranizationsresponding havebetween 1 and 500employees
24.3 oforganizationsrespondinghave betweem501 and 2,500employees
26.6% of organizationsresponding have between2,501 and 10,000employees
36.0% oforganizationsresponding havemore than10,001employees
36%
13%
24%
27%
Others
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 10/83
CURRENT STATE
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 11/83
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
11OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
Utilization of GRC Technology in the Environment:
46% Utilized
51% Under-Utilized
3% Unsure3% Unsure
Utilization of GRC Technology in theEnvironment:
Organizations reported they have mixed success with their current use of
technology for GRC. The current stae of affairs shows a near even breakoutwith 46% of organizations claiming that their GRC technology is well utilized,with slightly more at 51% stating that GRC technology in their environment
is underutilized. This indicates that approximately half of the organizationsresponding feel they could do better in how they use their current technologyfor GRC within their environments.
Contrasted with how GRC solutions are deployed, this reveals some enlighteningperspectives. The majority of GRC solutions being used are department orissue-focused (81%) and are stand alone solutions not integrated with other
GRC technology solutions (80%). This aligns with GRC 20/20’s market researchthat indicates that over 80% of GRC technology spending is on department
and issue (e.g., risk, regulation) GRC needs and less than 20% of spend is onenterprise GRC that spans across departments in the organization.
Non-integrated,
stand alone GRC
solutions
80%GRC solutions aredepartment orissue focused
81%
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 12/83
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
12OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
Misaligned Technology to Meet Current GRC Needs
27% Aligned
70% Unaligned
3% Unsure3% Unsure
Alignment of Technology withCurrent GRC Needs:
Building on the mixed utilization of GRC technology used currently
within organizations is the surmounting concern that the GRCtechnology deployed does not meet the current needs of theorganization (70%), with a minority (27%) stating that GRC technology is
meeting their current needs.
The challenge is that risk and regulation has grown very complex. Manyindustries have seen regulatory change double in the past five years.Business operates in dynamic risk environments with intersecting risksthat are managed in silos that do not talk to each other. The businessitself is dynamically changing as employees, processes, strategy, financial
position, technology and relationships change. External risks bear downon the organization from market, geo-political, environmental, and
more. The complex web of suppl ier, agent, vendor, and other 3rd partyrelationships impact the organization. Risk and regulatory reportingrequirements have grown in complexity and often involve a complex webof data integration and analytics.
This misalignment is an indicator that organizations are discoveringthey need a very agile and dynamic GRC information and technologyarchitecture that can integrate with distributed systems and content feeds
and provide advanced analytics on the state of GRC and its impact on theorganization’s strategy, performance, objectives, and integrity.
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 13/83
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
13OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
BOTTOM LINE: Document/Email Approaches Challenge GRC
30%30% of organizations haveone or more commercialGRC solutions
S p r e a d s h e e t s
,
D o c u m
e n t s
, &
E m a i l
S o l u t i o
n B u i l t
I n - H o u s e
b y
I T C
o m m
e r c i a l
G R C
S o l u t i o
n
2 +
C o m m
e r c i a l
G R C
S o l u t i o
n s 53%
53% of organizations statetheir primary GRCtechnology isspreadsheets, documents,and email
24%
6%
17%
53%
No wonder organizations see such misalignment in GRC technology to meet their current needs — the
bastion of GRC technology in use is in the form of spreadsheets, emails, and documents. This approach isvery labor intensive and inconsistent which causes reporting errors and complexity, frustrates the line ofbusiness, lacks proper workflow and task management, and is simply not defensible.
Regulators and stakeholders are increasingly holding organizations accountable for audit trails and integrity
in processes that documents, spreadsheets, and email approaches simply cannot provide by themselves.They are important tools in the toolbox but organizations are realizing they need something more.
The impact on FTE’s is particularly significant. One financial services organization stated that 80% oftheir GRC staff resources were nothing more than document reconciles for reporting. Their task was to
reconcile and report on thousands of assesments and surveys for GRC in documents and spreadsheets thatwere distributed by email. A mess they are aggressively trying to correct.
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 14/83
FUTURE STATE
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 15/83
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
15OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
Organizational Alignment to Take Action on Future GRC
GRC change is afoot! Where organizations earlier indicated that they had lacked alignment (70% of responders stating they were unaligned on
current GRC technology implementation), organizations report that they are deepening collaboration and communication across the enterprise forfuture GRC technology strategy and alignment (62% state they are aligned).
This is further evidenced by the fact that 44% of respondents state they have an enterpise GRC strategy going forward that spans departments. Thisis strenthened by another 35% of organizations indicating that they may not quite be set on an enterprise decision but have multiple departments
involved in GRC technology decisions.
Enterprisedecision acrossdepartments
Multipledepartmentdecision, butnot quiteenterprise
Singledepartment
decision
Groupdecisionfocused onspecificissue
Unsure orOther
44%
35%
8%3%
10%
Organizational Strategy to SelectGRC Solutions Going Forward:
62% Aligned
34%Unaligned
3% Unsure3% Unsure
Organizational Alignment to Take Actionon Future GRC Solution Initiatives:
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 16/83
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
16OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
GRC Technology Spending Increasing Steadily
Keeping pace with a dynamic risk and regulatoryenvironment is demonstrating broad growth in GRCtechnology spending in 2014 (64%, of which 18% state thatspending is increasing over 25% from 2013.
Contrast that with only 14% of respondents indicating that
GRC technology spend is decreasing. This is a very positiveoutlook for GRC technology with such a small percentagecutting budgets in a tight and demanding economicenvironment.
25%Increase from1% to 10% 21%
Increase from11% to 25% 18%
Increase over25%64% Increased
Spending
14% DecreasedSpending
3% Unsure22% No Changein Spending
5%Decrease from1% to 10% 5%
Decrease from11% to 25% 4%
Decrease over25%
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 17/83
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
17OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
Organization Plans to Purchase GRC Technology
In context of the broad increase in GRC technology spending in 2014, 41% of the spending is going
toward new GRC technology (the assumption is the rest is on increased spending and implementationof existing GRC technology).
Beyone 2014, 27% of organizations indicate they will be acquiring new technology in one to two years(2015), and 31% plan on acquiring new GRC technology in two to three years (2016).
I m m
e d i a t e
P u r c h a s e
1 t o
6
M o n t h
s
7 t o
1 2
M o n t h
s
1 t o
2 Y e a r s
M o r e
t h a n
2
Y e a r s
41%Organizations thatindicate they plan topurchase new GRCtechnology in 2014
12% 13% 16% 31%27%
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 18/83
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
18OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
Crossroads In GRC Architecture Perspectives
Prefer a centralizedGRC Platform for theentire enterprise
Prefer a federated GRC Architecture
that allows best of breed integration
Decentralized andnon-integrated GRCsolution strategy
Undecided
17%
36%
27%
21%
Strategic Direction for GRC Architecture:
When it comes to future directions for GRC architecture
organizations are at a three way intersection of roads leadingto different destinations, with some (17%) undecided in whichdirection to head.
One road leads to a centralized GRC platform that over one-
third (36%) state is their GRC technology destination. This iswhere the organization standardizes one primary GRC platformfor the organization.
The second road is a destination of a federated GRC
architecture in which organizations on this journey (27%) acquirebest of breed GRC solutions that offer the greatest value tothe organization and integrate these systems where and when
it makes sense to do so. Often federated GRC architectureswill have a centralized GRC platform as a hub that other GRCtechnology feeds into for enterprise reporting and coordinationof GRC activities and processes.
The third road is a centralized and non-integrated GRC strategyin which these organizations (21%) purchase best of breedsolutions to meet their specific department or issue-focused
(e.g., risk, regulation) needs and do not see a need to integratetechnology for enterprise reporting and coordination.
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 19/83
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
19OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
Top 10 GRC Technology Spending Priorities
The OCEG GRC Technology Solutions Guide details twenty-seven categories of GRC technology. When survey respondents were
presented with these twenty-seven categories to list their top GRC technology priorities to acquire, they listed the following top ten astheir most critical needs:
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 20/83
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
20OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
49%
46%
44%
34%
27%
FUTURE: Top criteria for acquiring newsolutions for GRC:
Ease of Use
Price
Functionality
Configurability
Industry Expertise
53%
45%
34%
33%
19%
PAST: Top criteria that influenced choiceof current GRC solutions:
Price
Ease of Use
Functionality
Configurability
Customer Service,Financial Stability,
Local Office,Integration
Ease of Use Top Critera on Future GRC Technology
For the most part, the top criteria for evaluating GRC technology have remained the same between criteria used in the past with the
criteria for future GRC purchases. However, the one element that has moved to be the highes priority is ‘ease of use.’ Organizationsshow that they want GRC solutions that are practical and engaging to use. This is particularly important for GRC as it continues tomove communications to the front-lines of the organization.
It is also an indicator that organizations have frustration with complex GRC technology that is non-intuitive and difficult to use.
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 21/83
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
21OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
Factors That Influence Changing GRC Technology
What drives organizations to change the GRC technology they
currently use?
The primary driver of change is lack of functionality in theircurrent GRC technology (40% of respondents indicated). Businessis dynamic and the GRC challenges today requires advanced
intelligence, integration, analytics, and holistic situational awarenessof dynamic business, risk, and regulatory environments. GRCtechnology that was satisfactory a few years ago may be inadequateto meet the needs of GRC today and into the future.
Other factors driving change in GRC technology, but not asprominent as lack of functionality include::
A centralized GRC strategy to bring the organization to asingle GRC platform (17%).
Poor customer service in support and quality of currentGRC solutions (16%).
Migration to GRC solutions that are lower cost to aquire,implement, and maintain in the environment (6%).
Reduction in budget forcing change driving organizations toimplement technology to reduce overhead (5%).
What is thesingle mostimportantfactor whenchanging GRC
solutions?
Lack ofFunctionality
40%
17%Internal Moveto OnePlatform
16% PoorCustomerService
Lower CostCompetitor
6%
Reduction inBudget
5%
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 22/83
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
22OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
Primary Goals in New GRC Technology Adoption
Business changes, regulations change, risks change — in that
context GRC technology changes to meet the needs of dyanmic,distributed, and disrupted business. When looking for new GRCtechnology, organizations indicate that the primary goals they
aim to achieve are:
Complex risk and regulatory environments demandadvanced capabilities of risk data integration and analyticsto provide full situational awareness of risk (53%).
Organizations are realizing that good GRC requires goodinformation, there is increasing focus on the integrity andconsistency of GRC information (43%).
Regulatory change has more than doubled in severalindustries over the past five years (e.g., banking, insurance,
healthcare) and drives the organization to GRCtechnologies that enable regulatory intelligence and agility(41%).
When deploying new GRC technologies the organizationis driven to reduce costs while increasing the peformance
of business operations (both 39%).
53%
43%
41%
39%
39%
Increase analytics & rapid
visibility of risk
Improve consistency ofinformation
Meet new regulatoryrequirements
Reduce costs
Improve performance
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 23/83
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
23OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
GRC Deployment: to SaaS or not to SaaS
In today’s software world there are two primary deployment models to decide on when purchasing GRC solutions. One is the traditional software
model in which the organization purchases a perpetual license to the software and yearly maintenance. In this model the software is installed in theorganization’s data center. The other model is a Software as a Service (SaaS) model that is showing the strongest growth in adoption in the software
world. In this model the organization pays an annual subscription fee and the software is hosted for them in the Cloud and not in the organization’sown data center. There are hybrids to these approaches, as well as different types of SaaS models.
When it comes to buying behavior of those acquiring GRC solutions, there is roughly one-third (32%) that have a strong SaaS preference, while a littlelarger group (41%) prefer the older traditional software model. When combined with those who have no preference (about1/3rd), roughly 2/3rds ofbuyers are open to SaaS and 2/3rds of buyers are open to traditional software.
The acceptance, and particularly preference, of SaaS as the deployment model for GRC solutions is growing fast and most likely will over taketraditional software preference in the next one to two years.
32%Prefer SaaS
59%SaaS & No Preference
41%Traditional OnPremise
68%Traditional & NoPreference
VS
2
3
Nearly 2/3rd of the market areopen to SaaS GRC Solutions
1/3rd of the market stronglyprefer SaaS GRC Solutions
2
3
Just over2/3rd of the market areopen to traditional softwareGRC Solutions
Over 1/3rd of the marketstrongly prefer traditionalsoftware GRC Solutions
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 24/83
IN SUMMARY
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 25/83
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
25OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
Tone down and control spreadsheets, documents & email for GRC
Spreadsheets, documents, and email for GRC are not going to be entirely eliminated but certainly need to be better controlled. These
are tools on every desktop and they have a purpose. However, better technology needs to be used to overcome the pervasive use ofspreadsheets, documents, and emails to do assessments, send surveys, communicate tasks, and do reporting — otherwise they are a nightmare
that leads to the inevitability of failure as it drains FTE time, things get missed, and reporting takes a long time.
Understand that GRC is more than one technology
As defined in the OCEG GRC Solutions Guide and integrated into this survey — GRC technology is diverse. There is no such thing as a one
stop shop for GRC. An organization may standardize on a core backbone for GRC integration, analytics, management, and reporting but to
truly do GRC requires a range of technology investments and integration.
Define your GRC architecture strategy We reviewed the three architecture models for GRC: decentralized, centralized, and federated. A decentralized strategy typically points to
departments doing their own things and no enterprise coordination of GRC. A centralzied strategy often leads to one platform that tries to
do all things and forces much of the organization to the lowest common denominator. A federated strategy strikes a good balance between
centralized and decentralized by allowing for best of breed solutions where they make sense but integration between these systems or to a
common backbone to enable enterprise GRC management and reporting.
Keep up with change
The greatest challenge for GRC is a dynamic business environment in which the business, risk, and regulatory environments are in a constant
state of change. Agility is critical to align GRC with the business and technology should enable the organization to keep current with changingenvironments.
Delivering GRC engagement through intuitive and easy to use technology
The number one criteria organizations are looking for in GRC today and into the future is ease of use. GRC is complex as it is and
technology should not add to that complexity but simplify it and make it easy for every level of the organization to enage in GRC.
1
2
3
4
5 Key Takeaways
5
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 26/83
REFERENCES: ABOUT OCEG
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 27/83
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
27OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
OCEG GRC Solutions Category Definitions
Audit and Assurance Management
systems are used to manage audit cycles – this includes audit planning, resourcescheduling/calendaring, work papermanagement, and audit process management.They also support a risk-based approach to
audit planning to prioritize audits based on therisk to the business.
Board and Entity Management technology enables corporate governanceprocesses, frameworks, policies, structure,and activities in support of the overall
coordination of an organization’s board andmanagement responsibilities in accordancewith legal, fiduciary, legal structure, andoperational requirements. This includes theability to provide for board collaboration,
communications, reporting, board papermanagement, and voting.
Brand and Reputation Management systems track, report and manage responsesto an organization’s activities and customer,employee, partner and shareholder opinionsabout those activities. This area of technologyis rapidly expanding to encompass solutions to
monitor risk to brand and reputation acrosssocial media applications.
Business Continuity Management systems model, record and direct theresponsibilities, plans, actions and executionof continuity and disaster plans, testing of
operating procedures, alternatives, informationback-ups, data recovery and restorationprocesses during expected and unexpecteddisruptions to all areas of operation.
Compliance Management systemssupport the overall coordination of legal,regulatory, contractual, and corporate policyobligations and responsibilities with associatedcompliance tasks and records. This includesthe ability to monitor, document, and manage
changes to the regulatory environment andother obligations; to document all obligationsof the organization; to perform complianceassessments against obligations; and report onthe state of compliance.
Contract Management tools provide the
ability to create, manage, store, change, deliverand append all business-related contracts(with suppliers and clients) and applyorganizational policies and procedures, as wellas specific legal and local regulatory criteria, to
their administration.
The following categories are from the OCEG GRC Solutions Guide 2.1. This guide is collaboratively
developed and maintained by the members of the OCEG GRC Solutions Council.
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 28/83
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
28OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
OCEG GRC Solutions Category Definitions, continued
Control Activity, Monitoring, and
Assurance systems provide the abilityto define, document, map, monitor, test,assess, and report on controls within theorganization, including process and systemsdocumentation; manual and automated
controls; the limitations or conditions appliedto amounts and parties in a transaction;user access, rights, and responsibilities; andaccounts, workflows, and process initiation.This category of software is also oftenreferred to as Continuous Control Monitoring(CCM) or Automated Controls. This includes
the capability to test, on a continuing orperiodic basis, data and activity against definedrules to identify and report potential errors,the failure of controls, or inappropriate actions
– including tests of business transactions,
network activity, intrusion attempts, thesharing of confidential information or
intellectual property, systems access, etc. Alsoincluded in this area is the ability to do GRCdata analytics, monitoring, and mining.
Corporate Social Responsibility toolshelp document the objectives, measureperformance, assign responsibilities,recommend and monitor actions, organizecontextual news feeds, support internal andexternal reporting, and communicate relative
to an organization’s perceived relationshipwith the local and broader community,focused on the impact to its reputation, brand,and market growth.
Discovery/eDiscovery Management
tools assist in managing and communicating
discovery holds and uncovering, segmenting,organizing and storing electronic forms ofevidence that can be used in an investigation,both before and after the occurrence of therelated events, including tools that separate
potential discovery documents from theiroriginal locations and repositories. This
category of technology also includes systemsfor retention management that integratewith content/document systems to managethe storage, disposition, and retention ofinformation.
Environmental Monitoring and
Reporting systems and related applicationshelp monitor, analyze, record, and reportorganizational activity focused on compliancewith environmental laws and regulations,related corporate policy related to managing
environmental controls and conditions, andassessing the environmental impact of thecorporation’s operations, strategies, and plans.
Environmental, Health, and Safety
applications help manage the regulatory andpolicy-based guidelines and processes for
protecting and reporting on the workforce,workplace, resources-under-managementand external environment impacted by anorganization’s activities.
The following categories are from the OCEG GRC Solutions Guide 2.1. This guide is collaboratively
developed and maintained by the members of the OCEG GRC Solutions Council.
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 29/83
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
29OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
OCEG GRC Solutions Category Definitions, continued
Finance/Treasury Risk Management solutions provide an array of applicationsand systems used to identify and managethe risk factors, causes and responseprocedures in an organization’s financial andtreasury management. These include risk
technology focused on specific areas suchas liquidity, credit, market, and commodityrisk management that help identify riskand execute historical review, simulation,interpretation and projection of impacts onan organization’s financial assets given thepotential consequences of events and the
likelihood of events occurring sequentially orsimultaneously.
Fraud & Corruption Detection,
Prevention & Management systemsassist in the identification, response to,control, and reduction of incidents involvinginvestigation, misuse, theft or misapplicationof an organization’s resources and assets by
employees and/or third parties. Technologyincludes tools for data collection, monitoring,mining, and analysis as well as emergingtechnologies, such as social network analysis,social media sourcing, third party due diligenceand statistical modeling. This category ofsolutions includes software that addresses
such issues as anti-corruption/briberycompliance, fraud, and Anti-Money Laundering(AML).
Global Trade Compliance/International
Dealings systems document, manage, andprovide required reporting on relevant
regulations for the exchange of capital, goodsand services across international boundaries.
Hotline/Helpline systems provideinformation intake and response systems toprovide a confidential, independent resourcefor all employees and others to reportobservations related to issues as well aspotential acts of fraud, theft, inappropriate
or illegal behavior, negligence or otherimpropriety committed by employees,partners or contractors as well as seekclarification/guidance on conduct, policies, andprocedures.
Information/IT Risk & Security
Management systems implement theframeworks and principles that govern risk,security, controls and compliance-guidedelements in the planning, development,acquisition, delivery, use, integration, evaluation
and retirement of information and technologyresources.
The following categories are from the OCEG GRC Solutions Guide 2.1. This guide is collaboratively
developed and maintained by the members of the OCEG GRC Solutions Council.
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 30/83
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
30OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
OCEG GRC Solutions Category Definitions, continued
Insurance and Claims Management
platforms record and administer anorganization’s corporate Insurance, liabilityand warranty coverage levels and documents(including property and casualty, productliability, directors’ and officers’, and related
areas of core coverage) and help execute therelated claims, process the forms and monitorclaims administration procedures across
jurisdictions.
Intellectual Property Management
systems help identify, capture, organize
and protect the organization’s portfolio ofintellectual property (copyrights, trademarks,patents, trade secrets and all related intangibleassets with inherent value) and enable thelegal reuse and sharing of intellectual property
created by third parties.
Issue and Investigations Management
is used to manage investigations, issues,incidents, events, or cases: they specificallyprovide consistent documentation andprocesses for the management of events —from reporting, to managing and documenting
the investigation, to recording the loss andbusiness impact.
Matter Management systems administerthe collection of facts related to eventsand legal cases under investigation, for usein verifying their circumstances, in order
to provide valid information for testing byindependent parties with the confidence thatthe information provided is related to theseevents.
Physical Security & Loss Management systems enhance physical asset and individual
protection, and the authorization andmonitoring of access to an organization’sfacilities and property. This category oftechnology also includes systems to managephysical loss and theft.
Policy Management, Communication,
& Training systems that mange thedevelopment, record, organization,modification, maintenance, communication,training, and administration of policies,procedures, standards, and guidelines in
response to new or changing requirements orprinciples, and correlate them to one another.This also includes systems used to trainindividual learning and understanding of policyand risk areas to employees and extendedbusiness relationships.
Privacy Management systems and toolshelp to identify, capture, segment, and secureaccess to and use of personally identifyinginformation across information sources,applications and users in compliance with
applicable laws and regulations. Privacytechnology is broader than security
technology as it encompasses the accuracyand use of private information and not just theprotection of it.
The following categories are from the OCEG GRC Solutions Guide 2.1. This guide is collaboratively
developed and maintained by the members of the OCEG GRC Solutions Council.
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 31/83
31OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
OCEG GRC Solutions Category Definitions, continued
Quality Management and Monitoring
systems record, benchmark, track and manageactivity related to product and service qualityassessments and cert ifications, productionfailures, product recalls, design and deliveryimprovements and their related regulatory
guidelines.
Reporting and Disclosure applicationsinclude solutions for assembling anddistributing financial, operational, regulatoryinformation to management, the board,regulators and shareholders. These solutions
provide visibility and transparency relatedto business outcomes. Some solutions maysupport formats and templates required byregulators and agencies for required reporting.
Risk Management systems support theidentification, assessment, evaluation andresponse, and monitoring of risks andopportunities of risk across the organization.This includes the ability to monitor changesin the external and internal contexts to alert
an organization to changing risk conditions(e.g., geo-political, economic, competitor,technology, and natural disaster) that canimpact business. These systems help identifyspecific causes and execute historical review,simulation, interpretation and projection ofimpacts on an organization’s operations or
assets given the potential consequences ofevents and the likelihood of events occurringsequentially or simultaneously. This categoryincludes enterprise risk management systems,operational risk management systems, as well
as specialized risk applications.
Strategy, Performance, and Business
Intelligence include solutions for identifyingand managing corporate strategies, goals,and objectives and cascading them throughthe organization; optimizing operational andfinancial performance against those objectives;
and providing valuable information fordecision-making and reporting purposes.
Third Party/Vendor Risk & Compliance
solutions govern, record, and maintain thecommunication, attestation, and assessmentof code of conduct, contractual compliance,
risk and compliance self-assessments, andaudits across extended business relationships(e.g., supply-chain/value-chain, contractors,outsourcers, service providers, consultants,staffing agencies).
The following categories are from the OCEG GRC Solutions Guide 2.1. This guide is collaboratively
developed and maintained by the members of the OCEG GRC Solutions Council.
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 32/83
32OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
OCEG’s GRC Standards Library
OCEG’s GRC Standards Library helps to jump-start and improve your approach to achieving
Principled Performance.
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 33/83
33OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
OCEG’s GRC Certification, Surveys & Illustrations
OCEG has a range of resources that help organizations understand, apply, and communicate
Principled Performance and GRC.
Certifications
Surveys
OCEG One-Minute Polls on Focused Subjects
GRC Maturity
GRC Metrics & Measurement
GRC Technology Strategy
GRC Illustrated
OCEG has developed over 60 GRC illustrations that are infographics to help organizationsunderstand and communicate Principled Performance and GRC.
GGovernance
AAudit
PmPerformance
RmRisk
CmCompliance
Management
$$
$$
OPPORTUNITY
TECHNOLOGY
P ERF ORMANCE
RISK
COMPLIA
NCE
THREAT
Ineed tokeepmovingtowards my objectives.I’ll takea shortcut.
STOP
Don’tcross either oftheseboundaries.They representpromises we’vemade!
O B J E C T I V
E S Ican helpprovideassurance to
managementandthe boardthatimportantthings aregetting done-- theway wethinkthey are!
Whatdoes our performancescorecardlooklikerelativetoriskand compliance?
VOLUNTARY BOUNDARIESaredefinedby managementandincludevalues,contractual
obligations andother promises.
MANDATORY BOUNDARIESaredefined by externalforces including governmentlaws andregulation.
Whatbusiness model is requiredtoreliably achieveobjectiveswhileaddressing uncertainty andacting with integrity?
Whatare our mission,
vision andvalues?
Hereis our business modelandoperating plan toachievetheseobjectives.
• Objectives• Business Model• Budget & Resources• Risk Appetite• Performance Metrics
R I S K
R E W A R D
As wedrivetowardobjectives,wemuststay within boundaries.
Sometimes uncertaintypresents opportunitiesthatwe can seize.
Sometimes uncertaintythreatens our objectivesandwemusttakeaction
...andaddress uncertainty.
©2014 OCEG®
[email protected] forreprints orlicensing requests
1 CapabilitiesThink of capabilities as “tools” touse for many different purposes.Develop capabilities that can beleveraged by all of yourgovernance, management andaudit systems. This way, when youimprove the capability, allsystems benefit.
ALIGN PROACT DETECT RESPOND MEASURE
LEVERAGE
COMMONCAPABILITIES
INTERACT
LEVERAGE
COMMONCAPABILITIES
LEVERAGE
COMMONCAPABILITIES
Set mission/vision/values;define objectives in light ofopportunities, risks andrequirements; align strategieswith resources and processes.
Proactively identify changesin risks and requirements,incentivize positive conduct,and prevent unproductive orimproper conduct.
Detect when desirable andundesirable events occurusing a mix of techniques,both push-pull andmanual-automated.
Reward desirable conductand outcomes and remediateanything undesirable. Adjustcapabilities when necessary inresponse to findings.
Assess critical aspects ofcapabiltiies; measureperformance relative to riskand compliance.
Establish technology andinformation systems tocommunicate up, down andacross the organization andwith external stakeholders.
Ican providebetterassurancenow thatwe havea uniformway tomeasureandreport.
Now that weareusing ourresources moreeffectively,we'remorecompetitiveandour outcomes arebetterthan ever.
PathwayBy orchestrating integratedgovernance, audit andmanagement systems, anorganization can reliably achieveobjectives, while addressinguncertainty and acting withintegrity.
3
SystemsCore governance, audit andmanagement systems are thebackbone of an organization.They leverage commoncapabilities for multiplepurposes.
2
Pathway to Principled PerformanceGRC Illustrated
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 34/83
34OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
OCEG’s GRC Solutions Council
Members of OCEG’s GRC Solutions Council collaborate to develop educational materials on
the benefits of advancing GRC processes and technologies, as well as key resources to assistcompanies in maturing GRC strategy.
Affiliate Member:
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 35/83
REFERENCES: SURVEY RESPONSES
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 36/83
36OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
GRC Technology Survey 2013 Report
1
Value Count Percent
Publicly Traded 104 40%
Privately Held 99 38%
Government Agency/Organization 30 12%
Non-profit organization 17 7%
Educational Organization 5 2%
State Owned Enterprises/Crown Corporations 3 1%
Statistics
Total Responses 258
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 37/83
37OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
GRC Technology Survey 2013 Report
2
Value Count Percent
Risk Management 65 25%
Audit 58 22%
Corporate Compliance/Ethics 53 21%
Information Technology 23 9%
Centralized GRC Group/Architecture 14 5%Security 12 5%
Management (Executive / Corporate) 12 5%
Other 6 2%
Business Operations / Logistics 6 2%
Finance / Accounting 5 2%
Vendor/Supplier Management 1 0%
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 38/83
38OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
GRC Technology Survey 2013 Report
3
Research 1 0%
Corporate Social Responsibility 1 0%
Legal 1 0%
Statistics
Total Responses 258
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 39/83
39OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
GRC Technology Survey 2013 Report
4
Value Count Percent
Top Level Executive 15 6%
Senior Vice President 17 7%
Vice President 32 12%
Director 61 24%
Manager 72 28%
Professional 51 20%
Administrative 4 2%
Other 6 2%
Statistics
Total Responses 258
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 40/83
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 41/83
41OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
GRC Technology Survey 2013 Report
6Value Count Percent
Excellent 11 6%
Good 36 20%
Fair 74 42%
Poor 50 28%
Don't Know 5 3%
Statistics
Total Responses 176
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 42/83
42OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
GRC Technology Survey 2013 Report
7Value Count Percent
Strongly Agree 19 11%
Somewhat Agree 61 35%
Somewhat Disagree 58 33%
Strongly Disagree 32 18%
Don't Know 6 3%
Statistics
Total Responses 176
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 43/83
43OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
GRC Technology Survey 2013 Report
8
Value Count Percent
Strongly Agree 75 43%
Somewhat Agree 66 38%
Somewhat Disagree 22 13%
Strongly Disagree 10 6%
Don't Know 3 2%
StatisticsTotal Responses 176
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 44/83
44OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
GRC Technology Survey 2013 Report
9Value Count Percent
Strongly Agree 71 40%
Somewhat Agree 71 40%
Somewhat Disagree 14 8%
Strongly Disagree 17 10%
Don't Know 3 2%
Statistics
Total Responses 176
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 45/83
45OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
GRC Technology Survey 2013 Report
10
Value Count Percent
Yes, we have one GRC solution for the entire organization 41 23%
Yes, we have multiple GRC solutions that we use across the organization 60 34%
Yes, we have a GRC solution in my department but I am unaware of what other departments are doing 17 10%
No, we do not have any GRC solutions being used in our organization 56 32%
Don't Know 2 1%
StatisticsTotal Responses 176
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 46/83
46OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
GRC Technology Survey 2013 Report
11
In each of the following categories, how has your organization approached GRC technology solutions?
NOTE: Definitions for each of these categories can be found at http://www.oceg.org/resources/grc-technology-solutions/ (select all that apply):
Spreadsheets,Documents, and
Emails
Solution Builtand SupportedIn-House by IT
Commercial GRCSoftware for this
Category
Two or MoreCommercial GRC
Software Solutions forthis Category
Don'tKnow
Responses
Audit and AssuranceManagement
57%99
12%20
37%64
6%11
8%14
173
Board and Entity Management46%79
12%20
13%23
2%4
32%55
172
Brand and ReputationManagement
44%75
5%9
6%10
2%4
47%81
172
Business ContinuityManagement
50%86
15%25
23%39
3%5
20%35
172
Compliance Management59%102
12%21
28%48
8%14
10%18
173
Contract Management47%80
20%34
22%37
6%10
18%31
172
Control Activity, Monitoring,and Assurance
52%89
14%24
27%47
8%13
16%28
171
Corporate Social Responsibility41%70
5%8
9%16
2%3
46%79
171
Discovery/eDiscoveryManagement
34%58
9%16
13%22
6%10
45%77
172
Environmental Monitoring andReporting
42%72
8%13
13%23
4%6
40%69
171
Environmental, Health, and 44% 9% 14% 3% 38% 171
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 47/83
47OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
GRC Technology Survey 2013 Report
12
Safety 76 16 24 5 65
Finance/Treasury RiskManagement
39%67
20%34
25%44
8%14
24%42 173
Fraud & Corruption Detection,Prevention & Management
48%83
12%21
20%34
9%15
26%45
173
Global TradeCompliance/International
Dealings
32%54
8%14
12%20
4%6
51%88
171
Hotline/Helpline27%46
21%36
31%54
3%6
26%44
172
Information/IT Risk & Security38%
65
27%
46
34%
58
8%
13
17%
30
173
Insurance and ClaimsManagement
36%62
15%25
14%24
5%8
41%71
172
Intellectual PropertyManagement
38%66
11%19
7%12
1%1
49%85
172
Issue and InvestigationsManagement
45%77
12%21
25%42
5%9
24%41
171
Matter Management29%49
4%7
13%22
3%5
54%93
171
Physical Security & LossManagement 43%74 17%29 17%29 3%6 34%58 172
Policy Management,Communication, & Training
47%80
24%42
25%43
6%11
15%26
172
Privacy Management41%70
13%22
15%25
3%6
40%68
172
Quality Management andMonitoring
40%70
18%31
17%29
6%11
34%59
173
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 48/83
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 49/83
49OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
GRC Technology Survey 2013 Report
14
What has been your company’s average annual spend on GRC solutions in the following categories over the past
three years (include license fees, maintenance fees, subscription fees and consulting fees)?
NoSpend
$1 to$25,000
$25,001 to$100,000
$100,001 to$500,000
$500,001 to$999,999
>$1,000,000
Don'tKnow
Responses
Audit and Assurance Management19%32
17%30
15%25
7%12
2%4
0%0
40%69
172
Board and Entity Management22%37
11%19
5%8
3%5
0%0
1%1
59%99
169
Brand and Reputation Management23%
39
10%
17
3%
5
2%
4
2%
3
1%
1
59%
100169
Business Continuity Management21%35
13%21
7%12
6%10
1%2
0%0
52%88
168
Compliance Management15%26
14%24
14%23
8%14
1%2
3%5
44%75
169
Contract Management19%32
15%25
6%10
4%7
1%1
1%2
54%91
168
Control Activity, Monitoring, andAssurance
19%32
13%22
7%12
7%12
1%1
1%2
52%87
168
Corporate Social Responsibility24%41
10%17
4%6
0%0
1%2
1%1
60%101 168
Discovery/eDiscovery Management23%38
9%15
4%6
2%3
1%2
0%0
62%104
168
Environmental Monitoring andReporting
26%43
8%13
3%5
2%3
1%1
1%1
61%102
168
Environmental, Health, and Safety22%37
11%18
4%7
2%3
2%3
1%1
59%99
168
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 50/83
50OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
GRC Technology Survey 2013 Report
15
Finance/Treasury Risk Management17%28
10%17
6%10
4%7
2%3
2%3
60%100
168
Fraud & Corruption Detection,Prevention & Management
18%31
15%25
4%7
5%8
1%1
2%3
55%93
168
Global Trade Compliance/InternationalDealings
24%40
9%15
4%7
1%1
0%0
1%2
61%103
168
Hotline/Helpline18%30
15%26
9%15
4%6
2%3
0%0
53%89
169
Information/IT Risk & Security12%21
12%20
9%15
12%21
2%4
3%5
49%83
169
Insurance and Claims Management23%
39
9%
15
3%
5
3%
5
0%
0
3%
5
59%
99
168
Intellectual Property Management25%41
10%17
1%1
1%2
1%2
1%1
62%103
167
Issue and Investigations Management22%37
11%19
5%8
4%7
1%1
2%4
55%92
168
Matter Management27%45
8%13
2%4
1%1
1%1
1%1
61%103
168
Physical Security & Loss Management17%28
11%19
8%14
3%5
1%1
2%3
58%96
166
Policy Management, Communication,& Training
15%26
18%31
8%13
6%10
1%2
0%0
51%86 168
Privacy Management24%41
11%19
5%8
1%2
1%2
0%0
57%96
168
Quality Management and Monitoring21%35
11%19
4%6
4%7
4%6
1%1
56%94
168
Reporting and Disclosure20%34
11%19
9%15
1%2
1%1
1%2
57%95
168
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 51/83
51OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
GRC Technology Survey 2013 Report
16
Risk Management16%27
17%28
11%18
9%15
0%0
2%4
46%77
169
Strategy, Performance, and BusinessIntelligence
20%33
10%16
6%10
5%8
1%1
1%2
58%98
168
Third Party/Vendor Risk & Compliance19%32
17%28
9%15
3%5
1%1
1%1
51%85
167
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 52/83
52OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
GRC Technology Survey 2013 Report
17
Value Count Percent
A centralized "GRC Platform" for the entire enterprise across all relevant categories to your business 62 36%
A federated "GRC Platform" for certain categories and "best of breed" solutions in others 46 27%
A distributed range of "best of breed" solutions in different categories that operate independently of each other 36 21%
Other 7 4%
Don't Know 22 13%
StatisticsTotal Responses 173
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 53/83
53OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
GRC Technology Survey 2013 Report
18
Value Count Percent
Brand name 25 15%
Price 91 53%
Customer service 33 19%
They have a local office 17 10%
They are a large, financially stable company 33 19%
They specialize in my industry 33 19%
Best functionality in the area I oversee 58 34%
Ability to configure the software without vendor support & charges 57 33%
Ease of use 77 45%
Ability to integrate with existing ERP system 33 19%
Mobile functionality 6 4%
I can buy all the functionality/modules I need from the same provider 22 13%
Total Responses 171
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 54/83
54OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
GRC Technology Survey 2013 Report
19Value Count Percent
Internet search 101 59%
GRC software report 94 55%
Intermediary (eg: accounting firm, insurance co, law firm etc) 50 29%
GRC software advisor 64 38%
Referral from a friend / colleague 64 38%
Industry exhibition, web forum 66 39%Response to an advertisement 14 8%
Statistics
Total Responses 170
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 55/83
55OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
GRC Technology Survey 2013 Report
20
Value Count Percent
No new technology solutions are needed 36 24%
We are wait ing until the market matures before taking action or looking at new technology solutions for GRC needs 27 18%
We will primarily make use of boutique vendors and point solutions to meet GRC needs 34 23%
We will look primarily to our ERP provider(s) to help meet GRC needs 12 8%
Don't know 18 12%
Other 21 14%
Statistics
Total Responses 148
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 56/83
56OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
GRC Technology Survey 2013 Report
21
Value Count Percent
We are buying new point solutions to resolve specific GRC issues 44 30%
We are looking first to our existing environment for solutions can be used or repurposed 63 43%
We are extending our existing enterprise architectures with add-on solutions offered by our current enterprise software vendors 28 19%
We are extending our existing enterprise architectures by developing customized solutions 23 16%
Don't know 21 14%
StatisticsTotal Responses 148
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 57/83
57OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
GRC Technology Survey 2013 Report
22Value Count Percent
Lower or avoid costs 51 34%
Increase reliability 19 13%
Improve performance 58 39%
Improve consistency of information 64 43%
Increase analytics and rapid visibility to risk 79 53%
Reduce complexity 49 33%
Reduce risks 58 39%
Regulatory compliance 60 41%
Statistics
Total Responses 148
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 58/83
58OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
GRC Technology Survey 2013 Report
23
Value Count Percent
Audit and Assurance Management 34 23%
Board and Entity Management 5 3%
Brand and Reputation Management 4 3%
Business Continuity Management 18 12%
Compliance Management 44 30%
Contract Management 13 9%
Control Activity, Monitoring, and Assurance 31 21%Corporate Social Responsibility 1 1%
Discovery/eDiscovery Management 3 2%
Environmental Monitoring and Reporting 2 1%
Environmental, Health, and Safety 3 2%
Finance/Treasury Risk Management 12 8%
Fraud & Corruption Detection, Prevention & Management 15 10%
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 59/83
59OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
GRC Technology Survey 2013 Report
24
Hotline/Helpline 9 6%
Information/IT Risk & Security 31 21%
Insurance and Claims Management 3 2%
Intellectual Property Management 3 2%
Issue and Investigations Management 14 10%
Matter Management 2 1%
Physical Security & Loss Management 2 1%
Policy Management, Communication, & Training 28 19%
Privacy Management 4 3%
Quality Management and Monitoring 5 3%
Reporting and Disclosure 17 12%
Risk Management 48 33%
Strategy, Performance, and Business Intelligence 13 9%
Third Party/Vendor Risk & Compliance 15 10%
Other 7 5%
Don't Know 42 29%
Statistics
Total Responses 147
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 60/83
60OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
GRC Technology Survey 2013 Report
25
Value Count Percent
Strongly Agree 17 14%
Somewhat Agree 60 48%
Somewhat Disagree 32 26%
Strongly Disagree 12 10%
Don't Know 4 3%
StatisticsTotal Responses 125
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 61/83
61OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
GRC Technology Survey 2013 Report
26
Value Count Percent
SaaS 40 32%
Internally hosted 51 41%
No preference 25 20%
Don't Know 9 7%
Statistics
Total Responses 125
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 62/83
62OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
GRC Technology Survey 2013 Report
27
Value Count Percent
Annual subscription contract with no upfront license fee 24 19%
License with an annual maintenance contract 53 42%
No preference 37 30%
Don't Know 11 9%
Statistics
Total Responses 125
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 63/83
63OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
GRC Technology Survey 2013 Report
28
Value Count Percent
Lower cost competitor 7 6%
Internal requirement for One-Stop-Shop 21 17%
Poor customer service (e.g. support line, product upgrades) 20 16%
Lack of functionality 50 40%
Reduction in compliance budget 6 5%
Other 11 9%
Don't Know 10 8%
Statistics
Total Responses 125
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 64/83
64OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
GRC Technology Survey 2013 Report
29
What is the timeframe that you expect for your organization to implement new or additional GRC solutions?
Immediately1 to 6
months7 to 12months
1 to 2years
More than 2years
Don'tKnow
Responses
Audit and Assurance Management6%8
7%9
7%9
17%21
17%21
46%57
125
Board and Entity Management2%3
2%2
5%6
6%8
14%17
71%89
125
Brand and Reputation Management2%2
1%1
4%5
5%6
12%15
77%96
125
Business Continuity Management3%4
9%11
7%9
18%22
11%14
52%65
125
Compliance Management6%7
11%14
11%14
17%21
11%14
44%55
125
Contract Management3%4
8%10
6%7
9%11
11%14
63%79
125
Control Activity, Monitoring, and Assurance3%4
10%13
6%7
15%19
12%15
54%67
125
Corporate Social Responsibility
2%
2
2%
2
0%
0
9%
11
8%
10
80%
100 125
Discovery/eDiscovery Management2%3
3%4
3%4
4%5
11%14
76%95
125
Environmental Monitoring and Reporting2%2
2%3
2%2
8%10
6%8
80%100
125
Environmental, Health, and Safety3%4
2%2
2%3
10%12
8%10
75%94
125
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 65/83
65OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
GRC Technology Survey 2013 Report
30
Finance/Treasury Risk Management3%4
6%8
4%5
10%12
10%12
67%84
125
Fraud & Corruption Detection, Prevention &Management
2%3
2%2
7%9
13%16
11%14
65%81
125
Global Trade Compliance/InternationalDealings
2%2
2%3
2%3
4%5
10%13
79%99
125
Hotline/Helpline6%8
2%3
3%4
4%5
12%15
72%90
125
Information/IT Risk & Security5%6
6%7
11%14
15%19
12%15
51%64
125
Insurance and Claims Management2%2
1%1
2%2
4%5
13%16
79%99
125
Intellectual Property Management2%2
3%4
2%2
6%8
9%11
78%98
125
Issue and Investigations Management3%4
4%5
6%8
8%10
10%13
68%85
125
Matter Management2%3
4%5
2%3
2%2
10%12
80%100
125
Physical Security & Loss Management5%6
2%2
2%3
5%6
10%13
76%95
125
Policy Management, Communication, &Training
4%5
6%8
10%12
13%16
10%13
57%71 125
Privacy Management2%3
3%4
7%9
6%8
9%11
72%90
125
Quality Management and Monitoring2%3
3%4
6%7
10%12
10%12
70%87
125
Reporting and Disclosure3%4
5%6
7%9
5%6
8%10
72%90
125
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 66/83
66OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
GRC Technology Survey 2013 Report
31
Risk Management8%10
10%13
8%10
17%21
9%11
48%60
125
Strategy, Performance, and BusinessIntelligence
6%8
3%4
7%9
4%5
9%11
70%88
125
Third Party/Vendor Risk & Compliance5%6
2%3
10%12
10%13
6%7
67%84
125
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 67/83
67OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
GRC Technology Survey 2013 Report
32
What do you estimate your company’s budget on GRC solutions per year will be (once your company decides to
implement such software) in the following areas?
NoSpend
$1 to$25,000
$25,001 to$100,000
$100,001 to$500,000
$500,001 to$999,999
>USD$1,000,000
Don'tKnow
We do nothave abudget
Responses
Audit and AssuranceManagement
7%9
21%26
10%12
9%11
1%1
0%0
30%38
22%28
125
Board and Entity Management10%13
11%14
6%7
0%0
0%0
0%0
40%50
33%41
125
Brand and ReputationManagement
13%16
10%13
2%2
1%1
0%0
1%1
39%49
34%43
125
Business Continuity Management7%9
8%10
10%13
6%7
1%1
0%0
39%49
29%36
125
Compliance Management6%7
14%17
12%15
10%12
0%0
1%1
34%42
25%31
125
Contract Management11%14
7%9
9%11
6%7
0%0
1%1
40%50
26%33
125
Control Activity, Monitoring, andAssurance
10%12
14%18
6%7
5%6
1%1
0%0
34%43
30%38
125
Corporate Social Responsibility14%18
10%12
2%2
1%1
0%0
0%0
41%51
33%41
125
Discovery/eDiscoveryManagement
15%19
8%10
4%5
1%1
0%0
0%0
38%47
34%43
125
Environmental Monitoring andReporting
14%17
9%11
2%2
2%2
0%0
0%0
40%50
34%43
125
Environmental, Health, and Safety 13% 10% 3% 3% 0% 0% 37% 34% 124
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 68/83
68OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
GRC Technology Survey 2013 Report
33
16 12 4 4 0 0 46 42
Finance/Treasury Risk
Management
10%
12
6%
8
9%
11
2%
3
3%
4
0%
0
41%
51
29%
36 125
Fraud & Corruption Detection,Prevention & Management
11%14
10%12
8%10
2%2
0%0
1%1
38%47
31%39
125
Global TradeCompliance/International
Dealings
14%18
7%9
2%3
1%1
0%0
0%0
42%52
34%42
125
Hotline/Helpline12%15
12%15
6%8
2%2
0%0
0%0
38%47
30%38
125
Information/IT Risk & Security8%10
10%13
9%11
9%11
2%2
0%0
36%45
26%33
125
Insurance and ClaimsManagement
11%14
6%8
2%3
1%1
2%2
1%1
41%51
36%45
125
Intellectual Property Management14%17
8%10
2%2
0%0
2%2
0%0
40%50
35%44
125
Issue and InvestigationsManagement
12%15
8%10
8%10
2%3
1%1
0%0
38%47
31%39
125
Matter Management14%18
5%6
2%3
2%2
0%0
0%0
39%49
38%47
125
Physical Security & Loss
Management
11%
14
8%
10
5%
6
2%
2
0%
0
0%
0
38%
48
36%
45 125
Policy Management,Communication, & Training
10%12
10%13
9%11
2%2
0%0
2%2
37%46
31%39
125
Privacy Management10%13
10%12
5%6
1%1
0%0
0%0
41%51
34%42
125
Quality Management andMonitoring
14%18
5%6
6%8
3%4
0%0
0%0
38%47
34%42
125
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 69/83
69OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
GRC Technology Survey 2013 Report
34
Reporting and Disclosure13%16
4%5
9%11
2%3
2%2
1%1
38%47
32%40
125
Risk Management 9%11
10%12
10%13
8%10
2%3
0%0
32%40
29%36
125
Strategy, Performance, andBusiness Intelligence
12%15
6%7
6%8
2%2
1%1
1%1
40%49
33%41
124
Third Party/Vendor Risk &Compliance
11%14
10%12
3%4
5%6
1%1
0%0
38%48
32%40
125
Value Count Percent
Internet search 58 46%
GRC software report 83 66%
Intermediary (eg: accounting firm, insurance co, law firm etc) 36 29%
GRC software advisor 49 39%
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 70/83
70OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
GRC Technology Survey 2013 Report
35
Referral from a friend / colleague 52 42%
Industry exhibition, web forum 52 42%
Response to an advertisement 9 7%
Other 11 9%
Statistics
Total Responses 125
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 71/83
71OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
GRC Technology Survey 2013 Report
36
Value Count Percent
Brand name 10 8%
Price 57 46%
Customer service 32 26%
They have a local office 8 6%
They are a large, financially stable company 21 17%
They specialize in my industry 34 27%
Best functionality in the area I oversee 55 44%
Ability to configure the software 43 34%
Ease of use 61 49%
Ability to integrate with existing ERP system 27 22%
Mobile functionality 3 2%
I can buy all the functionality/modules I need from the same provider 15 12%
Statistics
Total Responses 125
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 72/83
72OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
GRC Technology Survey 2013 Report
37Value Count Percent
Peer feedback and recommendations 77 62%
Whitepapers 61 49%
Datasheets (short, 2 page overview) 25 20%
Webinars 28 22%
Product Demos 84 67%
Product Trials 50 40%
2 minute overview videos 7 6%
Blogs and other forms of social media 4 3%
Community forums and websites 23 18%
Statistics
Total Responses 125
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 73/83
73OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
GRC Technology Survey 2013 Report
38Value Count Percent
Audit 12 10%
Compliance 8 7%
Finance 25 22%
Information Technology 22 19%
Legal 3 3%
Risk Management 24 21%
Other 22 19%
Statistics
Total Responses 116
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 74/83
74OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
GRC Technology Survey 2013 Report
39
Value Count Percent
Audit 11 9%
Compliance 10 9%
Finance 15 13%
Information Technology 22 19%
Legal 7 6%
Risk Management 32 28%
Other 19 16%
Statistics
Total Responses 116
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 75/83
75OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
GRC Technology Survey 2013 Report
40
Do you plan to spend more / same / less on GRC solutions in the following categories over the next 3 years?
More Same Less Don't Know Responses
Audit and Assurance Management28%32
24%28
4%5
44%51
116
Board and Entity Management14%16
20%23
6%7
60%70
116
Brand and Reputation Management10%12
18%21
5%6
66%77
116
Business Continuity Management23%27
16%18
7%8
54%63 116
Compliance Management37%43
13%15
7%8
43%50
116
Contract Management20%23
18%21
6%7
56%65
116
Control Activity, Monitoring, and Assurance31%36
11%13
5%6
53%61
116
Corporate Social Responsibility10%12
19%22
6%7
65%75
116
Discovery/eDiscovery Management 10%12
17%20
5%6
67%78
116
Environmental Monitoring and Reporting12%14
16%18
5%6
67%78
116
Environmental, Health, and Safety11%13
18%21
5%6
66%76
116
Finance/Treasury Risk Management 16% 22% 7% 55% 116
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 76/83
76OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
GRC Technology Survey 2013 Report
41
18 26 8 64
Fraud & Corruption Detection, Prevention & Management28%
32
17%
20
5%
6
50%
58116
Global Trade Compliance/International Dealings9%11
16%19
7%8
67%78
116
Hotline/Helpline10%12
22%25
6%7
62%72
116
Information/IT Risk & Security34%39
15%17
5%6
47%54
116
Insurance and Claims Management9%11
22%25
7%8
62%72
116
Intellectual Property Management 8%9 19%22 9%10 65%75 116
Issue and Investigations Management18%21
19%22
7%8
56%65
116
Matter Management9%11
17%20
7%8
66%77
116
Physical Security & Loss Management10%12
22%25
5%6
63%73
116
Policy Management, Communication, & Training32%37
15%17
6%7
47%55
116
Privacy Management 16%18
21%24
5%6
59%68
116
Quality Management and Monitoring17%20
17%20
6%7
59%69
116
Reporting and Disclosure17%20
21%24
6%7
56%65
116
Risk Management 35% 17% 7% 41% 116
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 77/83
77OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
GRC Technology Survey 2013 Report
42
41 20 8 47
Strategy, Performance, and Business Intelligence22%
26
20%
23
5%
6
53%
61116
Third Party/Vendor Risk & Compliance28%32
15%17
5%6
53%61
116
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 78/83
78OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
GRC Technology Survey 2013 Report
43
Value Count Percent
Same as last year 21 18%
Increase of up to 10% 24 21%
Increase of 10% to 25% 20 17%
Increase of greater than 25% 17 15%
Decrease of up to 10% 5 4%
Decrease of 10% to 25% 5 4%
Decrease of greater than 25% 4 3%
Don't Know 20 17%
Statistics
Total Responses 116
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 79/83
79OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
GRC Technology Survey 2013 Report
44
Value Count Percent
Strongly Agree 9 8%
Somewhat Agree 44 38%
Somewhat Disagree 27 23%
Strongly Disagree 29 25%
Don't Know 7 6%
Statistics
Total Responses 116
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 80/83
80OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
GRC Technology Survey 2013 Report
45
Value Count Percent
In the official IT budget 23 20%
In the GRC budgets 19 16%
In the business functions (sales & marketing, HR, product development, finance, etc.) 16 14%
Split between the IT, GRC and/or business budgets 27 23%
My organization has not budgeted resources for any GRC enabling technology for 2014 17 15%
Don't Know 14 12%
Statistics
Total Responses 116
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 81/83
81OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
GRC Technology Survey 2013 Report
46
Value Count Percent
Strongly Agree 8 7%
Somewhat Agree 36 31%
Somewhat Disagree 35 30%
Strongly Disagree 29 25%
Don't Know 8 7%
Statistics
Total Responses 116
INTRODUCTION IN SUMMARY REFERENCESFUTURE STATESURVEY DEMOGRAPHICS CURRENT STATE
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 82/83
82OCEG SURVEY • 2014 GRC Technology Strategy Survey • www.OCEG.org • ©2014 all rights reserved
GRC Technology Survey 2013 Report
47
Value Count Percent
Enterprise 51 44%
Multiple departments 41 35%
Single Department 12 10%
Group/Issue 3 3%
Don't Know 9 8%
Statistics
Total Responses 116
8/11/2019 2014 Oceg Grc Technology Strategy Survey Final 05-27-2014 140812143159 Phpapp01
http://slidepdf.com/reader/full/2014-oceg-grc-technology-strategy-survey-final-05-27-2014-140812143159-phpapp01 83/83
www.OCEG.org
4835 E. Cactus Road, Suite 225
Scottsdale, Arizona 85254
United States of America
@OCEG
+1 (602) 234-9278
Contact us