Today I read an article by AMR Research analyst John Haggerty in which he stated that "Risk management has officially become the new compliance". I think that is true for many of the companies we talk to. Pure compliance to satisfy the needs of some regulators or auditors is not the main focus anymore; many of our customers want to expand their risk assessments to all operational areas to gain maximum benefit from these methods.
John furthermore states that, according to his research, the GRC market will grow more than 7%, but the contribution of financial compliance to the cake is declining. This is another indicator that discussions in GRC are growing more mature. Auditing Standard No. 5 allows for a more risk-based approach to tackling financial compliance. Furthermore, the (legal) risk of non-compliance is a risk that originates from the processes, systems or people of an organization. This means there is a clear connection between measures derived from operational risk management and controls set up from the compliance viewpoint.
These are very intriguing discussions we have in IDS Scheer's GRC community and with our customers, and we are looking forward to exciting projects tackling the full process of internal control. Together with these customers, we'll ensure consistency and transparency by using the same methodology and data repository for all topics concerning risk management, compliance management and auditing.
Read More about BPM: www.aris.com/compliance