More than three quarters of governance, risk and compliance (GRC) professionals surveyed said there was a need to improve overall risk oversight in 2016.
According to MetricStream’s global survey of 200 GRC professionals, which focused on the major challenges and trends affecting businesses such as geopolitical risks and cyber security, 76.2% of respondents cited risk oversight as a key driver for investment in GRC.
New risk and regulatory concerns surrounding the introduction of new business initiatives were cited by 54% of respondents. MetricStream said the high figure suggested the role of a risk management professional had evolved beyond compliance, and was now much more business focused.
Data privacy and protection issues would be key drivers of GRC investment this year for 39.5% of respondents, demonstrating these issues were more important than ever before, according to MetricStream.
The least important drivers of GRC investment were political stability (8.4%) and geopolitical risks (11.1%).
Spending on technology will be a bigger priority than spending on services, such as third party risk management, with 28.5% of respondents saying they will increase technology spend compared to 21% increasing services spend this year. Less than 5% of respondents said they would decrease total spend on GRC in 2016.
French Caldwell, chief evangelist at MetricStream, said the survey highlighted how the role of the risk manager was evolving and that 2016 would provide the “perfect storm” of GRC challenges.
“Geopolitically, we’re seeing politicians and regulators lose control of the political agenda to technology companies, which are setting the rules with innovation, and survey respondents highlighted the impact this digital business transformation is having on new business initiatives.
He added: “While survey respondents ranked political stability and geopolitical risks low, keep in mind that just three years ago cyber security was underrated as a major business risk.”
Caldwell said the US presidential election and the rise of groups such as ISIS were causing uncertainty and creating challenges, while the economic slowdown in China was creating a ripple effect globally.
He added: “Very few GRC pros a decade ago would have been concerned with new business initiatives in the slightest, instead focusing their efforts on protecting their company from a compliance point of view. Now they have to be more proactive and have a far broader business view.”