An “overkill” emphasis on compliance and risk avoidance is testing operational management attitudes.
A survey to establish current thinking on Governance, Risk & Compliance (GRC) has revealed that eight out of 10 managers responsible for GRC believe that too much “noise” or “overkill” on the need to be compliant and risk free is threatening attitudes to compliance within their own organisations.
The survey, conducted by leading European GRC Technology company Achiever Business Solutions (ABS), reveals that the recent and intense hype and debate around compliance and risk related issues, coupled with a burgeoning number of standards, is, in some cases, leading to complacency and discontent at an operational level.
Most striking was the belief, amongst those surveyed, that negative attitudes to compliance and risk were now becoming established in workplace cultures, particularly amongst operational management. While fewer than 10% of those surveyed felt that they had detected a “wait until we get caught” attitude, 63% felt that a “no-one will notice or check” culture was becoming prevalent amongst some elements of operational management.
This was significantly more common amongst those respondent organisations that did not have a company-wide GRC policy or a centralised compliance or risk management function. In all, 78% of respondents felt that negative attitudes to compliance issues and risk could rebound significantly on their organisations later.
A total of 86% felt that the most effective solution lay in deploying enterprise-wide GRC systems run from a central GRC department. This, it was felt, would remove the burden of compliance and risk avoidance from operational management or support them more in meeting those compliance targets that were essential.
Commenting on the figures, Achiever’s MD Robert Dent notes: “The growing emphasis on compliance and risk issues, in major corporates, has in many cases outpaced the ability of some companies to create an effective and unified enterprise-wide approach and infrastructure for GRC management. In some cases, this leaves the GRC burden in the hands of operational management who have their own roles to play.
“It is essential, therefore, to maintain a focussed approach to GRC, before bad attitudes become entrenched and that means more investment in professional enterprise-wide systems. This will place the responsibility for GRC with those who are best trained and equipped to deal with it and by the same token, take it away from those who see it as a burden, imposition or not part of their role.”