In-Depth

"Perfect Storm" Drives Analytics, BI into GRC Framework

A study by Aberdeen Group shows what distinguishes best-in-class companies in their governance, risk management, and compliance activities and shows how BI plays a role.

by David Hatch

Regulatory requirements -- both internal and external -- are driving enterprises to look more closely at risk management as businesses attempt to alleviate and manage business, operational, and financial risks as they focus on regulatory compliance.

The recent upheaval on Wall Street has spurred renewed scrutiny of practices related to governance and compliance. In today's competitive global marketplace, organizations must find technologies and services that help address their challenges, but the governance, risk management, and compliance (GRC) market (both software and services) is still in the "early-adoption" stage.

To receive the benefits of GRC, organizations in all industries are incorporating business intelligence (BI) and analytic tools into their GRC framework. Aberdeen Group's July 2008 report, Is Your GRC Strategy Intelligent?, identifies what the research group says are the "strategies, internal capabilities, technologies, services, and methodologies 'Best-in-Class' (that is, top performing) organizations employ in their GRC initiatives." The study provides recommendations to help companies optimize their existing implementation or develop a new GRC initiative.

Aberdeen says Best-in-Class organizations have initiated "effective, efficient, and visible risk management and compliance activities," allowing business-critical decisions to be made more quickly, accurately, and with confidence. The report can be downloaded at no cost (a short registration is required) from http://www.aberdeen.com/summary/report/benchmark/4888-RA-governance-risk-compliance.asp. It describes the performance and operational advantages that Best-in-Class companies enjoy and explains the capabilities, practices, and technology investments that these companies are making.

The study made these key findings:

  • Understanding how supplementing consistent monitoring of risk and compliance processes with analytic tools is important has allowed Best-in-Class organizations to increase visibility and knowledge into risk and compliance activities by an average of 34 percent, about 2.5 times more than all other organizations.
  • Best-in-Class organizations fully capitalize on this enhanced visibility and knowledge and realize an average 22 percent increase in the speed at which business-critical decisions can be made; an average increase that is 2.4x greater than all others.
  • By augmenting consistent but flexible enterprisewide GRC policies and procedures with extensive communications, Best-in-Class organizations have increased their ability to detect significant weaknesses in internal controls by 16 percent while realizing a 9 percent decrease in redundant activities and processes.
  • Best-in-Class companies have been able to reduce governmental (federal, state, and municipal) and industry-specific fines related to non-compliance by 14 percent and improve the efficiency of compliance tracking and reporting by 30 percent, an average improvement that is 9 times greater than the least-effective companies (identified by Aberdeen as "Laggards").

- - -

David Hatch is vice president and principal analyst of Aberdeen Group's business intelligence practice, where he benchmarks user organizations' BI strategies, actions, and planned technology investments. His research focuses on the collection, assembly, and delivery of information throughout the enterprise. Dave holds a BA in Communications from the University of Massachusetts.

Must Read Articles