Compliance survey reveals increased risk, regulations for businesses in 2012
Lockpath survey indicates disconnect as compliance and risk professionals struggle to find technology that meets their needs
Published on March 27, 2012
OVERLAND PARK, KANSAS — Despite facing moderate-to-high risk levels, a quarter of compliance and risk professionals have yet to put a product in place to manage these risks. Today, Lockpath, a provider of innovative governance, risk and compliance (GRC) applications, revealed the findings of its survey of more than 175 compliance and risk practitioners from across the United States, suggesting a disconnect between the major compliance challenges for organizations and their ability to manage them.
Of the risk and compliance practitioners surveyed, 83.6 percent consider their organization’s risk level to be moderate-to-high. Additionally, 78 percent say there has been an increase in the regulations they have been forced to comply with during the past year. Not surprisingly, remaining current on federal and state laws is a top priority for organizations in 2012. In spite of the need to stay on top of compliance, 26 percent of respondents have no tools or procedures in place at all. Of the remaining 75 percent, 32 percent use homegrown solutions.
“It is crystal clear that, despite what some see as the maturing of risk management programs in the past several years, an alarming number of businesses remain overwhelmed by the number of regulations with which they must comply,” said Chris Caldwell, CEO, Lockpath. “The results of this survey indicate a strong need for a GRC solution that can help companies of all sizes get a grip on compliance with a platform that delivers integrated risk and regulatory intelligence.”
Compliance and Technology Priorities and Challenges
Overall, attaining one consolidated view of risks and staying on top of new regulations are viewed as the most challenging compliance tasks. Among respondents, 80 percent say the ability to “consolidate, centralize and mine business-critical risk and compliance data” is the most important feature of a compliance solution, yet 46 percent say their current solution/process needs improvement in this area. Similarly, 63 percent say the ability to “automatically generate assessments” is very important, but 43 percent say their current solution/process is insufficient in this area. Despite the well-known risks that come with third parties, 63.2 percent of the respondents cannot ensure their vendors and partners are in compliance with their policies. Furthermore, two-thirds do not track costs associated with compliance.
The larger the organization, the higher its perceived risk level appears to be. Only 6.5 percent of small-to-medium-sized businesses consider their risk level to be high, compared to 15.9 percent of mid-range companies and 25.6 percent of enterprises. Interestingly, mid-range companies (81.3 percent) are slightly more likely than either SMBs (65.4 percent) or enterprises (71.4 percent) to have a risk and compliance process already in place.
Healthcare Industry Burdened, Yet Prepared
Of the industries represented by survey respondents, healthcare is most heavily weighed down by heightened risk. Of healthcare respondents, 53.3 percent consider their risk level to be high, compared to 16.3 percent of respondents from financial services, 13.3 percent of respondents from utilities and 4.5 percent of respondents from manufacturing companies. Fittingly, 100 percent of healthcare company respondents claim to have a risk and compliance process already in place, compared to 91 percent of utility companies, 77.5 percent of financial services companies and 71.4 percent of manufacturing respondents.
Top IT Priorities in 2012
When asked about their top IT priorities for 2012, respondents viewed minimizing data breaches and litigation as most critical. Staying current on federal and state laws, cutting costs and delivering services more efficiently, getting one consolidated view of all compliance and risk factors, and automating processes and simplifying reporting also made the top five.
This online survey was conducted in February 2012 by Lockpath and generated 181 qualified respondents from US companies in a variety of industries. Of those surveyed, 30 percent were from financial services, 15 percent were from manufacturing, 10 percent were from healthcare, 10 percent were from utilities and eight percent were from communications and media. Most of the remaining respondents were from the legal, government, retail, software, transport, consulting and education verticals. Of respondents, 51 percent hold compliance titles, 44 percent work at large enterprises with 5,000+ employees and 30.4 percent work at enterprises with 1,001 to 5,000 employees.
Lockpath is a market leader in corporate governance, risk management, regulatory compliance (GRC) and information security (InfoSec) software. The company’s flexible, scalable and fully integrated suite of applications is used by organizations to automate business processes, reduce enterprise risk and demonstrate regulatory compliance to achieve audit-ready status. Lockpath serves a client base of global organizations ranging from small and midsize companies to Fortune 10 enterprises in more than 15 industries. The company is headquartered in Overland Park, Kansas.