The pandemic has demonstrated the importance of GRC systems to address critical situations, including health risks, business interruptions, supply chain breakdowns and financial losses. At the same time, organizations had to demonstrate agility in response to the challenges they faced.
They also needed to swiftly rethink their approach to operational resilience. Despite organizations increasing their expenditure on cybersecurity, around 77% of the respondents to the EY Global Information Security Survey 2021 said their organization had experienced a rise in disruptive threats over the previous 12 months.
Data breaches pose regulatory and reputational risks to European organizations in light of the General Data Protection Regulation. Organizations with insufficient security solutions to protect their systems, networks and data can potentially be fined up to €20m or 4% of their annual global turnover.
Hence, the need for organizations to adopt integrated GRC systems. This requires reshaping of the board’s role in monitoring the adequacy and effectiveness of GRC transformation. Adopting integrated GRC systems can help organizations recover effectively from crises and transform potential problems into business advantages.
Strive for effective GRC integration harmony
The use of different and isolated approaches for GRC systems can undermine the board’s ability to provide effective risk and controls oversight, and lead to potential risk exposures. When IT solutions are used, the tools may suffer from incompatible interfaces when it comes to data exchange and matching.
To support efficient prevention, detection and response around risk, it is key to have a harmonized and integrated approach for compliance, risk management, internal controls and internal audit, supported by an effective exchange of GRC-related information. Today, however, just 54% of board members believe that that the board currently plays an active role in the risk identification process and continuous improvement of GRC systems, according to the EY EMEIA Board Barometer 2022.