Expand +



In-session survey results from the GRC 2010 keynote session

by Scott Priest, Editorial Director

November 11, 2010

Allison alluded to the interactive survey being done during the GRC keynote in her blog post this morning, and I happened to take down the questions and answers to all of them so figured I'd pass them along. There are some interesting results. My wording may not be exactly what was on the screen -- between my lousy handwriting and quickness in order to get it all down, my notes don't sound quite as clear as they did in Jim Dunham's verbiage.

1. What is the primary driver of GRC investment in your company?

37% Exposure/cost of non-compliance

17% Reduction in GRC costs

13% Internal/external transparency

13% Optimized business performance

13% Gains in mitigating risks

9% Reduction in GRC effort

Obviously cost is the main driver (generally speaking), but it was surprising to see people not concerned about effort and time. Perhaps if the crowd were more general, and not comprised of GRC professionals, it would have been.

2. How would you characterize risk management in your company?

39% Managed only for compliance

33% Fragmented

11% Not managed

11% Top-down ERM approach

6% Integrated with line of business

Good to see the best option (ERM) catch up with the worst (not managed), but not surprising to see compliance lead this one.

3. In the next 2-3 years, what stage do you expect your company to achieve?

65% Enterprise

19% Optimized

15% Individual

0% Manual processes

This referred to a model Jim talked about, but it essentially falls in line with the previous answer -- people are moving away from manual processes and have automation, but it's not necessarily optimized at this time.

4. In the next 2-3 years, what is your company's investment priority?

41% Compliance management

32% Automation and testing of controls

27% Risk management

0% Transaction monitoring

0% Reporting

I was surprised to see no one select reporting, and also the level that risk management registered. I would have assumed an even greater majority would have been focused on compliance. Clearly some of this audience is already buying into Jim (and SAP)'s message.

5. What is the biggest benefit you see in bringing together GRC and business planning and strategy?

48% Reducing risk and compliance violations

43% Ability to mitigate risks

5% Improving operational effectiveness

5% Optimizing outcomes of business initiatives

0% Increasing working capital

0% Decreasing cost of capital

This one is the clearest indicator that it was entirely GRC professionals answering the questions -- surely folks in other areas would have picked some of the other options.

An email has been sent to:

More from SAPinsider


Please log in to post a comment.

No comments have been submitted on this article. Be the first to comment!