Menu Close Menu

Menu

Account
Premium

GRC Maturity Survey 2017

Download Research

Use this comprehensive research report to know more about what organizations of all shapes and sizes are doing with their GRC Capabilities.

Every organization does GRC whether they use the acronym or not. All have some approach to governing the organization, managing risk, and addressing compliance. It could be scattered in silos and disconnected, or it could be highly collaborated and integrated. Organizations should not be asking if they should do GRC but are to ask how mature their organization’s approach to GRC is and how it can be improved.

You can get the complete data set for this research here.

The formal definition for GRC found in the OCEG GRC Capability Model is that “GRC is a capability to reliably achieve objectives [governance] while addressing uncertainty [risk management] and acting with integrity [compliance].”

In the ideal world there is a natural flow through to GRC. Governance sets objectives and directs and steers the organization setting the context for risk management. Risk management aims to understand and minimize uncertainty in those objectives and reduce exposure to loss while maximizing performance. Compliance assures that the organization operates with integrity to the boundaries established in organization values, policies, regulatory and legal requirements, as well as boundaries set by risk limits and thresholds.

However, within many organizations there are often many GRC functions operating in isolation producing redundancy and gaps while remaining ignorant of the interrelationship of risk across silos. This has a measurable cost to the organization in inefficiency, ineffectiveness, and lack of agility.

Other organizations have mature and structured processes and reporting on GRC that brings together an integrated and orchestrated view of GRC processes and information.

The goal of this 2017 OCEG GRC Maturity Survey report is to help organizations:

  • Understand the level of integration of GRC within organizations;
  • Differentiate the degree of confidence in performance with the ability to identify and manage risks and requirements;
  • Examine the benefits of an integrated GRC capability and the negative effects of siloed operations.


Featured in: GRC Capabilities

Related Resources
Back to top
OCEG © 2002 - 2024 OCEG

Terms of Service

Privacy Policy

Refund Policy

support@oceg.org

Contact Us

Information & Billing
+1 (602) 234-9278

Principled Performance, Driving Principled Performance, Putting Principles Into Practice, OCEG, GRC360°, ActiveLearning, EventDay and LeanGRC are registered trademarks of OCEG.

Protector Skillset, Protector Mindset, Protector Code, Lines of Accountability, GRC Professional, GRCP, GRC Fundamentals, GRC Auditor, GRCA, GRC Audit Fundamentals, Data Privacy Fundamentals, Integrated Data Privacy Professional, IDPP, Policy Management Fundamentals, Integrated Policy Management Professional, IPMP, Integrated Audit & Assurance Professional, IAAP, Integrated Governance & Oversight Professional, IGOP, Integrated Strategy & Performance Professional, ISPP, Integrated Risk Management Professional, IRMP, Integrated Decision Management Professional, IDMP, Integrated Compliance & Ethics Professional, ICEP, Integrated Business Continuity Professional, IBCP, Integrated Information Security Professional, IISP are trademarks of OCEG.