GRC in Uncertain Times: 2016 and into 2017

In the past month there have been a lot of posts, articles, and discussion on the impact of Trump’s presidency on the GRC market, particularly compliance. Some fear that the need for compliance management within organizations is not going to be as strong as a Trump administration looks to deregulate. My perspective is that compliance management will continue to grow within organizations no matter who is in office. Whether conservative or liberal, regulations have grown and grown over the years. While President-Elect Trump is not your typical candidate, he is already toning down some of the rhetoric that he used during the campaign and coming to reality. There may be shifts in focus in certain areas, but ethics and compliance will remain a strong need within organizations for many years to come.

HOWEVER, the focus of the question should not be on compliance but on what the forecast looks like for risk management. While organizations will continue to need compliance processes and technologies, organizations will see a renewed focus and energy on risk management processes and related technologies.

Times are uncertain. 2016 has brought us Brexit, a forthcoming Trump administration, and turmoil politically around the world, particularly in European election possibilities. Economically things are topsy turvy with the British Pound, European Euro, caution on an outlook in China.

As I look to 2017 one word continues to come to mind: UNCERTAINTY.

If we go to ISO 31000 for a definition of risk, “risk is the effect of uncertainty on objectives.” Organizations face a world of uncertainty in 2017 and need defined risk management processes and systems in place to be able to manage risk in context of objectives. As we close 2016 and move into 2017, GRC 20/20 is seeing growing inquiries from organizations looking to improve risk management related processes and are asking questions related to risk management technologies to enable these processes.

It is interesting, the current OCEG GRC Maturity Survey, that GRC 20/20 Research collaborates on and authors, show a change in the respondents. This survey was fielded over the past two months and has 697 respondents with 578 of them in roles managing GRC internally within their organization. The past several GRC Maturity Surveys had Compliance and Ethics as the primary role responding to the survey, this year (the past few months to be specific) it is Risk Management roles that are the number one responder. Consider joining the webinar to learn more on the findings.

GRC 20/20 is seeing increased interest in enterprise and operational risk management technologies, but also increased interest in solutions for geo-political risk management, third party (vendor/supplier) risk management, IT/information security risk management, EH&S, and business continuity management.

What are your thoughts on 2017 and the outlook for GRC Related processes and systems? I look forward to hearing your thoughts.