Leaders everywhere face increasing risks for their organizations. But not all risks are created equal. And not all organizations have the same ability to measure, manage or mitigate these risks.

1. Grant Thornton LLP’s 2016 Governance,
Risk and Compliance Survey sheds light
on how leaders can add value.
Today’s corporate leaders face an ongoing challenge to
appropriately balance risk while seizing opportunities. But regardless
of risk tolerance — or aversion — every organization should add
value to its governance, risk and compliance (GRC) activities.
GRC leaders ranked strategic risk as most significant type of general risk
Risk ranked as having the most
to least focus
Compliance
Financial
Operational
Strategic
Risk ranked by GRC leaders’
experience with it, from most to least
Financial
Compliance
Operational
Strategic
Balancing risk with opportunity
grantthornton.com/grcsurvey
Pay attention to strategic risk
Improve the GRC maturity level
Embrace technology
43%of respondents
described their GRC maturity level
as either ad hoc or fragmented.
Organizations spend only 12% of total revenue (average) on GRC
activities, and are not drastically making additional investments. Spending
has increased somewhat or stayed the same in 2015 over 2014.
Many executives cite skills shortages in their organizations for
departments involved with GRC activities.*
Technology use for mitigating risk is low.
Companies are only moderately using data analytics for GRC
activities despite recognizing the top benefits of data analytics.
*Respondents could select more than one answer.
Risk ranked from most
to least significant
Strategic
Compliance
Financial
Operational
Yet it was ranked as having the
least focus.
And respondents are the least
effective at mitigating this
type of risk.
Risk ranked as having the most to
least effective management
Financial
Compliance
Operational
Strategic
Furthermore, GRC leaders are
the most lacking in strategic
risk experience.
Ad hoc compliance 12%
Fragmented/siloed compliance 31%
Integrated organizational compliance 28%
Integrated organizational compliance with
some value-added activities 22%
Value-adding integrated organizational
compliance 7% 12+31+28+22+7+D
Increased significantly 11%
Increased somewhat 46%
Stayed the same 33%
Decreased somewhat 2%
Decreased significantly 1%
Not sure 7% 11+46+33+2+1+7+D 27%
27%
25%
20%
3%
43%Audit
Operations leadership/management
Security/loss prevention
Senior leadership
Legal
Vendor/supplier management
No departments with skills shortage
Other
38%
27%
Extensive use 5%
Moderate use 29%
Some use 43%
No use 23%
5+29+43+23+D
Top benefits of using data analytics
29%
20%
47%Mitigating financial risks
Mitigating operational risks
Mitigating compliance/regulatory risks
Providing business/operational insights
Identifying GRC weaknesses
(e.g., financial controls)
41%
32%
Risk Mean score*
Financial 3.3
Operational 3.1
Compliance 2.9
Strategic 2.5
* 1=no use; 5=significant use.
Proactively viewing risk as a driver of opportunity is a key component of 21st-century
strategic planning. Successful leaders will evaluate GRC approaches that add
strategic value while managing risks, thereby improving competitive advantage.
“Grant Thornton” refers to Grant Thornton LLP, the U.S. member firm of Grant Thornton International Ltd (GTIL), and/or
refers to the brand under which the GTIL member firms provide audit, tax and advisory services to their clients, as the
context requires. GTIL and each of its member firms are separate legal entities and are not a worldwide partnership. GTIL
does not provide services to clients. Services are delivered by the member firms in their respective countries. GTIL and its
member firms are not agents of, and do not obligate, one another and are not liable for one another’s acts or omissions.
In the United States, visit grantthornton.com for details.
© 2016 Grant Thornton LLP | All rights reserved | U.S. member firm of Grant Thornton International Ltd