Be the first to like this
Governance, Risk and Compliance (GRC) is a multibillion-dollar industry worldwide and signs are that it’s growing. A 2009 AMR Research Inc. study found that US companies were expected to spend $29.8 billion on GRC across software ($9.2bn), external services ($6.6bn) and internal efforts ($14.0bn). Risk management followed by regulatory compliance was sighted as the key driver for the expenditure.
Despite the significant level of investment, apart from pockets of excellence, few financial services firms seem to have benefited significantly. More than five years after the financial crisis, spurred by a massive failure in risk management, it appears that lessons have not been learnt. In a 2012 study, the Chartered Institute of Internal Auditors (CIIA) found that 60% of fines levies by FSA in 2011 were down to weaknesses in risk management systems.
A significant transformation is needed in the way organisations assess and manager risks. They need to realise for themselves that risk management matters, and not let regulators dictate the risk agenda.
On a positive front however, there is growing evidence that firms see effective risk management as a means to enhanced reputation, greater competitiveness and market share. RIsk management and strong ethical behaviour is key to winning over consumer confidence in the financial services sector. This does however mean that risk management organisations need to reassess and realign strategies, processes and infrastructure to deliver value at reduce costs, thereby enhancing return on investment.
As a start to the debate, and by way of examples, this paper explores five strategies that will help organisations gain more commercial value from their risk management efforts (across all lines of defence), whilst improving process efficiencies and reducing costs.