If nothing else, the financial crisis of 2008 has driven home the need to improve reporting to the organization regarding risk posture and exposure. As we look to 2010 and beyond, risk and compliance processes will no doubt evolve to meet changing business and regulatory requirements. Coming in at #8 on the 2010 GRC Wish List is “Strong Reporting with Easy-to-Use Formatting.” While the value of strong reporting is clear, a few challenges remain:
- Cross-domain Reporting – With the large number of risk and compliance initiatives underway at organizations today, users are struggling to deliver comprehensive enterprise risk management. Users need a way to understand and manage their risk exposure across the numerous risk and compliance domains through enterprise risk assessments and integrated reporting. GRC solutions that are developed independently in silos produce application-specific reports that reference only data local to that application and provide an incomplete picture of enterprise risk exposure.
- Multiple Reporting Regimes – Companies are struggling to meet the needs of an increasing number of reporting regimes. For instance, a financial services company may have adopted the COBIT framework for IT management, may adhere to FFIEC best-practice guidelines, and may be looking to establish an Anti-Money Laundering (AML) program. The key challenge facing these organizations is establishing a risk framework that integrates multiple reporting regimes and provides visibility into the state of key risks across the enterprise.
- Linking Oversight with Operating Environment – Effective “governance” implies effective oversight and reporting. To deliver effective oversight, GRC professionals need to be able to link their oversight and reporting to their operating environment by drilling down to view control status at the asset level.
- Profile-based Reporting – Risk management professionals, compliance professionals and auditors frequently have access to highly confidential and sensitive information. Oftentimes, that information needs to be segmented from other stakeholders in different roles, entities, geographies or functional risk areas. GRC solutions need to provide a highly configurable, flexible and secure access control and security model to ensure that risk data is seen only by the right people, in the right context, at the right time.
What reporting challenges does your organization face?