OCEG’s 2012 GRC Maturity Survey

Show Me: Jump to:

OCEG’s 2012 GRC Maturity Survey

free_252493OCEG is a nonprofit think tank dedicated to helping organizations reliably achieve their objectives, while uncertainty and acting with integrity. This is what OCEG calls Principled Performance, and it is a goal that every organization can achieve by integrating and aligning their approaches to the governance, assurance and management of performance, risk and compliance.

The survey was sponsored by SAP and sent to OCEG’s 38,000+ membership.  Approximately 500 respondents participated in the survey results.  At the start of this survey, GRC was described for participants as follows:

• GRC is an acronym describing an integrated approach to the governance, assurance and management of performance, risk and compliance.

• GRC enables an organization to achieve principled performance, which OCEG defines as the reliable achievement of objectives while addressing uncertainty and acting with integrity.

• In each of the questions that follow, we use the term “integration” to mean using the same or similar approaches across silos of interest, in a way that allows for a unified view of the information.

• Some people refer to this as a “harmonized” or “consistent” approach. Integrated does not necessarily mean managed under one director or by one unified team.

This description is applied in all questions using the term GRC.

Highlights from the survey:

  •  Respondents were fairly balanced across oversight functional responsibility: Risk, Audit, Compliance, Governance (fairly new role designation), Ethics, & all others 51.6%
  •  72% of responses stated some integration: [Are performance management activities in your organization integrated to provide a clear view of enterprise-wide performance?]
  • 73.1% reported integrated compliance: [Are compliance activities in your organization integrated to provide a consistent approach and clear view of compliance effectiveness and performance?]
  • 87.7% of responses reported integrated GRC: [What best describes the current level of integration between your processes for governing, assuring and managing performance, risk and compliance (commonly called GRC)?]
  • 78.3% of responses reported improved GRC in last 3 years: [Is there greater GRC integration in your organization today than there was three years ago?]
  • 85.6% of respondents see value in integrating GRC using technology: [Would your organization benefit from integrating and streamlining use of technology for GRC activities enterprise-wide?]
  • 70.8% of respondents have considered GRC tools for future use: [Does your organization have plans to better integrate existing technologies used to support GRC processes or acquire new technologies?]

The results of the survey imply that progress for integration have been achieved without a robust technology solution with respondents suggesting that additional benefit might occur with an integrated platform. 

Related Articles

Related Premium Articles