New Research on Metrics for Corporate Governance, Risk Management and Compliance

Blog Post created by PatrickP Employee on Oct 21, 2014

Do business teams believe they are collecting and analyzing the information they need to be effective?  Do they get relevant information about the operation and value of their capability to manage performance, risk and compliance?  Do boards, auditors and c-suite executives have confidence that the right information is being collected and analyzed to drive achievement of objectives? These questions and more are addressed in the 2014 GRC Metrics Survey.


“Using analytical data developed through key performance and risk metrics to drive priority and action is the backbone to any good governance, risk and compliance (GRC) program,” says Patrick Potter, GRC Strategist at RSA, the Security Division of EMC. “Most organizations react from delayed or incomplete information, and by the time corrective action is taken the issue is well past. Analysis of current and relevant metrics brings visibility to areas that truly need the organization’s strategic and tactical focus.”


Michael Rasmussen, Chief GRC Pundit of GRC 20/20 and OCEG Fellow, adds, “The question is how mature are an organization’s GRC-related strategy, processes, and architecture.  A primary factor in GRC maturity is how well the organization understands and utilizes metrics to drive the achievement of objectives while addressing uncertainty and acting with integrity.  OCEG’s work in GRC metrics is critical in helping organizations understand, define and mature GRC metrics in their organizations.”


“We will be comparing views on metrics and how they are used to our GRC metrics survey that took place in 2008,” said Carole Switzer, OCEG Co-Founder and President. “It will be interesting to see how far organizations have come in the ensuing six years, as technology for collecting and analyzing metrics in GRC has evolved.”


Participate in the survey, presented by the OCEG  and sponsored by OCEG GRC Solutions Council members, ACL, Baker Tilly Colombia, and RSA, the Security Division of EMC.  All participants receive a free report on the results.