A survey carried out by Critical Research for GRC (Governance and Regulatory Compliance) systems group Achiever Business Solutions, reveals that it is predominantly new regulatory compliance divisions that are controlling spend on GRC Technology and that this is frequently outside of the control of IT executives.
One hundred completed surveys, chosen randomly, from a population of 775 executives responsible for regulatory compliance in major organisations, across the financial, industry standards, health and safety and quality areas, found that only 39% of the spend on GRC systems comes from the IT budget.
The rest was under the control of new compliance divisions emerging within the organisation. The average compliance budget across the population surveyed was £87,000 with a further £33,000 allowed for support and maintenance costs.
Overall, 8 out of 10 companies thought that the regulatory burden would increase over the next two years and 9 out 10 felt that enterprise-wide GRC systems would ease the burden. Over half expected GRC system budgets to increase; with the total budget of those included in the survey running at just over £70million. Of those not using enterprise-wide GRC systems, 80% of them expected to be doing so within a year.
Eighteen months ago, it was hard to find compliance officers let alone GRC departments. Now, with the extended reach of Sarbanes Oxley, and the threat of legal action and adverse publicity, boardrooms are worried about the potential impact on share prices and the P&L. There is, therefore, a huge momentum behind a new breed of executives who have been catapulted straight into the boardroom with the budget and authority to get what they need. These executives are compliance specialists and therefore are often not IT people.
Thus, in some cases, monies that would previously have fallen under IT executives’ control are diverted into these new GRC divisions with decisions about the compliance systems chosen and the platforms used falling outside existing IT policies. This could lead to tensions in the boardroom as boundaries are re-defined and room at the top is made for the new kids on the corporate block.