
Why ORM Software is Essential for Leaders?

Date post: 18-Dec-2014
Upload: davidblogger
Description:
Perceptions of and behaviours towards risk are changing, and so is the perception of ORM. ORM is acquiring renewed credibility as a roadmap for adding value to businesses and is garnering new attention from regulators and key stakeholders. Financial institutions in general, and the banking sector in particular, are vulnerable to operational risks resulting from sophisticated financial technology, as well as operational risks ranging from internal and external fraud to dealer errors, operations failures, staff errors or omissions and legal compensation claims. Careweb Operational Risk Management (ORM) software and methodology are crafted to enable organizations to specifically identify, assess, monitor and mitigate these risks. For more details, read here: http://www.care-web.co.uk/ORM.html
A GRC Guide to Organizations

GRC program

Today, the largest share of respondents (32%) believe risk management is the most important element within their organization’s GRC program. When asked to forecast priorities three years into the future, 33% of respondents state risk management is most important. Compliance declines slightly, from 27% to 24% of respondents who say it will be most important. Governance and privacy increase slightly in three years. (Response required the allocation of 100 points.)

[Chart: Today vs. three years from now (projection). Risk management 32%-33%; Compliance 27%-24%; Governance 22%-23%; Privacy & data protection 21%-20%.]

IT represents the largest area of GRC-related activities and is where the majority of respondents say their GRC program started

How much of your organization’s GRC activities fall into each one of four GRC domains?

GRC activities are primarily contained within the IT function, say 44% of respondents, followed by 20% in operations, 19% in finance and 17% in legal.

Where did your organization’s GRC program or initiatives start?

An overwhelming majority of respondents (63%) say their organization’s GRC activities started within the IT function. Only 13% say GRC started in legal or finance, and 12% say it started in operations.

[Chart: IT function, Operations, Finance, Legal.]

Importance of privacy-related issues for each GRC domain

Report on the importance of privacy within four GRC domains: 76% of respondents say privacy is a very important part of IT GRC activities and 71% say it is very important to legal GRC.

[Chart: IT GRC, Legal GRC, Operations GRC, Finance GRC.]

What best describes the working relationships among finance, IT, operations and legal GRC functions in your organization today?

28% of respondents say there is frequent collaboration or cooperation among GRC areas and 56% say they sometimes collaborate. Finally, as an indication that silos are breaking down, only 12% of respondents say they operate in silos with little or no collaboration.

[Chart: Some collaboration, Frequent collaboration, Full integration, Operate in silos.]

The top two barriers to achieving your organization’s GRC-related goals

Overall, the organization’s lack of resources (52%) and the lack of cooperation and collaboration (44%) are the two most salient barriers to successfully achieving GRC-related goals. The complexity of existing technologies (31%) and the lack of clear leadership (20%) are the third and fourth most salient barriers to success, according to respondents.

[Chart: Lack of resources; Lack of cooperation and collaboration; Organizational change; Lack of clear leadership; Inability to set priorities; Difficulty in hiring skilled personnel; Inability to get started (inertia); Lack of organizational maturity; Complexity of the program; Lack of C-level support; Inadequacy of existing technologies; Complexity of existing technologies.]

Activities believed to be essential in order to meet GRC objectives or goals

Assessing risk (83%), monitoring compliance (63%) and developing strategies (61%) are considered the most essential activities in order to meet GRC objectives or goals. GRC-related activities considered less essential include advising the organization’s management (40%), responding to incidents (42%) and training or raising awareness (43%).

[Chart: Assessing risk; Monitoring compliance; Developing strategies; Reporting to senior management; Creating and implementing policies; Analyzing regulations; Administering program; Training and awareness; Responding to incidents; Advising the organization.]

Are GRC activities centralized or decentralized?

Response measured using a five-point scale from 1+2 = centralized to 4+5 = decentralized.

GRC activities are more likely to be centralized than decentralized. GRC activities relating to governance and privacy tend to be more centralized, while activities relating to compliance and risk management tend to be decentralized.

[Chart: Governance, Risk mgmt, Compliance, Privacy; series: Centralized, Combination, Decentralized.]

Technology is very important for GRC-related activities

The primary technology solutions used to support GRC-related activities are risk assessment (81 percent), policy management (75 percent) and controls assessment (73 percent).

[Chart: Risk assessment 81%; Policy management 75%; Controls assessment 73%; Incident response & management 68%; Compliance monitoring 63%; Training & awareness 53%; Records management (archive) 42%; Document management 42%; Regulatory monitoring 41%; E-Discovery 35%; Data inventory 29%; Business process mapping 25%; Business process analysis 20%; Data mapping 16%.]

www.care-web.co.uk