Legal and compliance department investment in governance, risk, and compliance tools will increase 50% by 2026, according to Gartner, Inc. Assurance leaders are seeking out technology solutions to help them address increasing regulatory attention on executive risk oversight and monitoring.
“Recent actions ranging from the U.S. Securities and Exchange Commission (SEC) to the U.S. Department of Justice (DOJ) signal a focus on executive risk oversight and monitoring,” said Lauren Kornutick, director analyst in the Gartner Legal Risk & Compliance Practice. “For example, the DOJ is encouraging companies to voluntarily disclose misconduct, but firms can only do so if they’ve set up effective compliance programs and risk management strategies that leverage controls to prevent and detect misconduct.”
Without effective self-discovery, companies risk being subject to criminal prosecution, and officers and directors may be subject to shareholder derivative litigation for failing to fulfill their duty of oversight.
“While most organizations already have existing compliance programs, legal and compliance leaders need to ensure they are empowered to capture and elevate the right information to management and the board, take the appropriate action, and maintain documentation related to these processes,” Kornutick said.
GRC tools for assurance leaders help compliance, enterprise risk management (ERM), and other assurance teams build a more holistic understanding of risks. The tools integrate and consolidate risk and compliance data as well as processes and terminologies.
In practical terms, GRC tools can help assurance teams with evaluating and modifying compliance programs in near-real time, pressure-testing system operations, and together with management and the board, improving oversight processes. Gartner experts have identified three initial areas of focus in light of recent regulatory actions (see Figure 1).