NAVEX Global survey report shows that business continuity plans helped organizations mitigate the pandemic’s impact; also highlights reductions in leadership support when risk and compliance clash with business objectives.

NAVEX Global has published its 2021 Definitive Risk and Compliance Benchmark Report. Based on a survey of over 1,000 risk and compliance professionals, the study indicates that, while senior leaders and managers are supportive of compliance overall, their support wavers in situations with conflicting interests or business objectives.

Those surveyed felt positive about executive commitment overall, with 71 percent saying that their senior leaders demonstrated a commitment to compliance. However, when asked if those same leaders persisted in that commitment when faced with competing interests or business objectives, far fewer (46 percent) agreed. Management levels saw an even wider gap in these results with 75 percent showing a commitment in general, but only 38 percent persisting in the face of competing interests or business objectives.

The study also yielded several notable results regarding the COVID-19 pandemic’s effect on compliance program priorities and workplace culture. Overall, it found many organizations had successfully navigated the pandemic, though it found room for improvement in some key areas.

The COVID-19 pandemic was a defining factor for many risk and compliance programs over the last year. Although it did not significantly disrupt program performance, it did make developing and implementing remote workplace policies a top concern. Updating or creating a business continuity plan also became a top priority; 80 percent of respondents who had a business continuity plan in place said it helped mitigate the pandemic’s impact.

The survey found that the pandemic had relatively little impact on workplace culture. Half of those surveyed said the transition to work-from-home environments had no net impact on workplace culture, with the other half just as likely to say it improved culture as they were to say otherwise. It is notable that non-managers were significantly less likely than management to feel there was a negative cultural impact.

When it comes to integrated risk management, most respondents indicated that their governance, risk, and compliance capabilities are at least partially integrated, with only 16 percent of respondents reporting their risk management practices are siloed with no plans to integrate.

Respondents were divided on who manages their risk integration strategy. The positions named included Chief Risk Officer (17 percent), Chief Compliance Officer (13 percent) and the CEO (12 percent), among several other positions and titles. However, advanced risk and compliance programs were significantly more likely to have a Chief Risk and Compliance Officer, placing compliance and risk management under a single role.

This year’s survey also inquired about Environmental, Social and Governance (ESG) programs. Surprisingly, while ESG support from the top is high, with 69 percent of respondents reporting CEO support, only a third say their ESG program has dedicated personnel or budget. Respondents also indicated that ESG programs are the least automated, with only a quarter indicating they used purpose-built solutions for program administration.

Additional key findings from the study include:

  • One-third of respondents indicated their organization experienced a data privacy/cybersecurity breach during the previous year.

  • Most respondents felt their risk and compliance programs are under-resourced in both staffing and funding.

  • Risk and compliance professionals are getting better at obtaining data and utilizing technology:
    - 61 percent of programs surveyed use purpose-built solutions to automate at least one element of their risk and compliance program.
    - Over half (54 percent) of respondents rated their access to operational data across the enterprise as ‘good’ or ‘great’.
    - However, only a minority of programs use the data they glean to measure, monitor, assess and allocate resources.

  • Nearly half (49 percent) of compliance programs track diversity metrics and 56 percent of respondents indicate they intend to provide diversity and inclusion training within the next three years.
