GRC Leadership Matters in Technology Adoption
Meet the Experts
As driving forces in Governance, Risk, and Compliance (GRC) such as increasing attacks, changing regulations, and access challenges increase in importance, so does the importance of efficient and effective GRC processes. Investment in GRC is recovering at SAPinsider organizations from a stagnant 2021, according to our latest GRC research. Budgets are growing at more organizations than shrinking, but how that budget is spent largely relies on GRC leadership.
GRC Budgets Year-Over-Year
How GRC Leadership Impacts Technology Adoption
Depending on the organization, different executive roles ultimately provide GRC leadership. The titles can range from CIOs and CTOs to CFOs or even GRC-specific leaders such as Chief Compliance Officers, Heads of Internal Audit or Risk Management.
According to our research, GRC leadership titles have a significant impact on GRC technology adoption.
In respondents’ organizations where a CFO held GRC responsibilities, there were higher usage rates for many technologies, including data privacy and protection (62%), access control (55%). The most significant difference is in GRC Automation adoption–over half (52%) of respondents with CFOs leading GRC are currently using GRC Automation technology. That’s more than 20% higher than the rest of the respondents.
GRC strategy leaders with GRC-specific titles also impact technology adoption. When looking at companies with a Chief Compliance Officer, Head of Risk Management, or Head of Internal Audit in charge of GRC strategy, adoption rates are higher for core GRC functionalities. Specifically, current usage rates are higher for access control (60%), process control (50%), and risk management (43%).
CFOs and GRC teams deal directly with governance, risk, and compliance issues every day. Other technology leaders’ teams may not be as focused on those areas, and they may not see the need for investment in GRC technologies.
What This Means for SAPinsiders
Ensure GRC leadership understands your organization’s GRC requirements, and the technologies that enable them. It’s clear that in organizations where the executives driving GRC strategy have direct ties to GRC topics, there is greater adoption of GRC technologies. If your GRC team needs certain technologies to accomplish their goals, leadership needs to be keenly aware of what is needed and why. This is vitally important because at the best performing organizations, GRC automation and centralization are much more common. These capabilities often must be enabled by GRC technologies, meaning GRC leadership support for investment in technology is necessary to transform and improve processes.