Risk Management
• 57% of senior-level executives rank “risk and compliance” as one of the top two risk categories they feel least prepared to address.
• 69% of executives are not confident that their current risk management policies and practices will be enough to meet future needs.

Vendor & Third-Party Risk Management
• 60% of organizations feel underprepared to perform due diligence on their vendors.
• 57% of organizations aren’t confident that their vendor management policies would prevent a data breach.
• Only 31% of organizations manage third-party risk and issue tracking through an enterprise-wide tool capable of monitoring key risk and performance indicators (KRIs, KPIs).
• Only 4% of organizations feel that their third-party risk management tools fully integrate and capture overall risk for reporting purposes.

Internal Audit
• Only 30% of internal audit departments effectively leverage analytics, escalations, and notifications to identify and monitor compliance risk.
• The average audit department dedicates only 4% of its resources to vendor risk assurance.
• 48% of executives responsible for auditing view their organization’s oversight of third-party relationships as ad-hoc, weak, or nonexistent. Only 9% describe their vendor monitoring process as strong.
• 60% of audit executives say that internal audit rarely or never provides assurance on management information sent to the board.

Compliance Management
• 27% of CCOs (chief compliance officers) strongly agree that their organization’s compliance function has a management process in place and it is integrated into their standardized policies and procedures.
• The average regulatory costs per employee for organizations is $10,000, regardless of size.
• Only 47% of chief compliance officers say that their organization has an enterprise-wide reporting system across functions and business units that integrates with compliance monitoring.
• Less than three-quarters (69%) of organizations are leveraging technology to support their compliance initiatives.