GRC integration (integrating governance, risk management, and compliance) has multiple benefits to help organizations achieve their objectives. Through multiple OCEG maturity surveys there are several documented benefits of integrated GRC capabilities including:
- Improved alignment of objectives with mission, vision, and values of the organization
- Better decision-making agility and confidence
- Sustained, reliable performance and delivery of value
- Capital allocation to the right initiatives at the right time
- Top to bottom accountability for key objectives, risks, requirements, and related initiatives
- Meaningful cost savings by reducing duplication and avoiding gaps in coverage
- Holistic and proactive view of risk management
“Those who have at least partially integrated GRC capabilities, as compared to those who remain siloed, are three times as likely to feel confident that they can evaluate their performance against established objectives and that they have selected and are implementing the right risk and compliance controls to protect that performance. They are more confident that they are establishing the right objectives and strategies and are better able to create and evaluate performance reports. They are simply more agile, resilient and competitive.” (OCEG GRC Capability Model, page 4-5).
So with all of these documented benefits of having integrated GRC capabilities in an organization, why do some organization still not integrate these capabilities?
The OCEG 2017 GRC Maturity Survey lists the top barriers to developing an integrated GRC capability.
The top 3 barriers in 2017 are the same three barriers from the last survey, just in different order.
- No established strategy for integration
- Inability to secure program / department cooperation
- Lack of champions
These are the consistent reasons why I have seen organizations struggle to integrate their GRC capabilities.
In order to reap the benefits of integrated GRC capabilities, organizations must establish a strategy or “road map” for integration. They must develop champions throughout the organization, and that will lead to more program / department cooperations. These are not simple tasks, but they are also not as difficult as some may believe.
I have developed GRC workshops that show the step-by-step strategic process organizations can use to receive the benefits of integration, and successfully integrate with ease.
For information on upcoming workshops, or to inquire about bringing the workshop to your organization, contact me for details.