Two-thirds of 196 organizations recently surveyed said that a lack of collaboration between risk and compliance dramatically slowed or somewhat slowed their response to new and emerging risks.
The survey was conducted by Compliance Week, sponsored by Riskonnect. Respondents to the survey were primarily from large companies, with 20% working for organizations with more than 10,000 employees and another 34% working for firms with between 1,000 and 10,000 employees.
Data flow – or lack thereof – appears to fuel the disconnect between the risk and compliance functions.
Nearly a quarter of organizations (24%) said that data is siloed and is extremely difficult to pull together, and another 56% said data is in multiple sources and is somewhat difficult to pull together. Just 16% of companies said data resides in one centralized source that is integrated and accessible for real-time reporting.
More than half of these companies (55%) use spreadsheets to monitor regulatory changes, which is surprising given the volume of regulatory change that large organizations in particular must deal with. Only 12% of respondents monitor regulatory change using automation that integrates with other risk and compliance data.
Change, however, may be on the way. A resounding 66% of respondents said that executive leaders have changed their interest level in risk and compliance over the past 18 months. The highest priority for executives – ranked by 35% of respondents as number one – is streamlining risk and compliance processes. The top five priorities for risk and compliance are:
1. Streamlining risk and compliance processes
2. Real-time data
3. Risk and compliance representation in the C-suite
4. More frequent reports
5. Investing in new technology
The survey also found that companies are investing in people and technology to deal with emergent risk and compliance issues. In fact, one quarter of respondents have heavily invested over the past 18 months and 58% have somewhat invested. Looking forward, a whopping 73% of respondents say they plan to invest in people and technology within the next year.
Over the next 6-12 months, the single most pressing issue for risk and compliance departments is cybersecurity threats (25%), followed by ERM (12%) and ESG (10%). A majority of organizations point to the pandemic as the cause of the increase in cybersecurity events. Respondents said the pandemic also increased data privacy and employee health and safety risks.
Plenty of obstacles are preventing organizations from strengthening the connection between governance, risk, compliance, and audit data. Insufficient buy-in from other stakeholders was mentioned most frequently (43%), followed closely by “too costly” (42%). Other frequently mentioned obstacles include “too many disparate legacy systems” (38%), “insufficient demonstration of returns” (36%), and “departments are too scattered within the organization” (29%).