57% of senior-level executives rank “risk and
compliance” as one of the top two risk
categories they feel least prepared to address.
69% of executives are not confident that their
current risk management policies and
practices will be enough to meet future needs.
Vendor & Third-Party Risk Management
60% of organizations feel underprepared to perform due diligence on their
57% of organizations aren’t confident that their vendor management policies would
prevent a data breach.
Only 31% of organizations manage third-party risk and issue tracking through an
enterprise-wide tool capable of monitoring key risk and performance indicators.
Only 4% of organizations feel that their third-party risk management tools fully
integrate and capture overall risk for reporting purposes.
27% of CCOs (chief compliance officers)
strongly agree that their organization’s
compliance function has a management process
in place and it is integrated into their
standardized policies and procedures.
The average regulatory cost per employee for
organizations is $10,000, regardless of size.
Only 47% of chief compliance officers say that
their organization has an enterprise-wide
reporting system across functions and
business units that integrates with compliance
Less than three-quarters (69%) of organizations
are leveraging technology to support their
Only 30% of internal audit departments effectively
leverage analytics, escalations, and notifications
to identify and monitor compliance risk.
The average audit department dedicates only 4%
of its resources to vendor risk assurance.
48% of executives responsible for auditing view
their organization’s oversight of third-party
relationships as ad-hoc, weak, or nonexistent.
Only 9% describe their vendor monitoring process
60% of audit executives say that internal audit
rarely or never provides assurance on
management information sent to the board.