Four-fifths of managers responsible for Governance, Risk & Compliance (GRC) believe that too much ‘noise’ or ‘overkill’ on the need to be compliant and risk free is threatening attitudes to compliance within their own organisations.
This is the key finding of a survey by European GRC technology company Achiever Business Solutions (ABS), which also found that the recent and intense hype and debate around compliance and risk-related issues, coupled with a burgeoning number of standards, is, in some cases, leading to complacency and discontent at an operational level.
One worrying aspect revealed was that negative attitudes to compliance and risk were now becoming established in workplace cultures, particularly amongst operational management.
Even though less than 10% of those surveyed felt that they had detected a ‘wait until we get caught’ attitude, 63% felt that a ‘no-one will notice or check’ culture was becoming prevalent amongst some elements of operational management. Organisations that did not have a company-wide GRC policy or a centralised compliance or risk management function were most likely to have such attitudes.
In all, just over three-quarters of respondents felt that negative attitudes to compliance issues and risk could rebound significantly on their organisations later.
A total of 86% felt that the most effective solution lay in deploying enterprise-wide GRC systems run from a central GRC department. This, it was felt, would remove the burden of compliance and risk avoidance from operational management or support them more in meeting those compliance targets that were essential.