Created with Sketch. Risk Management 57% of senior-level executives rank “risk and compliance” as one of the top two risk categories they feel least prepared to address. 69% of executives are not confident that their current risk management policies and practices will be enough to meet future needs. Vendor & Third-Party Risk Management 60% of organizations feel underprepared to perform due diligence on their vendors. 57% of organizations aren’t confident that their vendor management policies would prevent a data breach. Only 31% of organizations manage third-party risk and issue tracking through an enterprise-wide tool capable of monitoring key risk and performance indicators (KRIs, KPIs). Only 4% of organizations feel that their third-party risk management tools fully integrate and capture overall risk for reporting purposes. Internal Audit Compliance Management 27% of CCO’s (chief compliance officers) strongly agree that their organization’s compliance function has a management process in place and it is integrated into their standardized policies and procedures. The average regulatory costs per employee for organizations is $10,000, regardless of size. Only 47% of chief compliance officers say that their organization has an enterprise-wide reporting system and across functions and business units that integrates with compliance monitoring. Less than three-quarters (69%) of organizations are leveraging technology to support their compliance initiatives. Only 30% of internal audit departments effectively leverage analytics, escalations, and notifications to identify and monitor compliance risk. The average audit department dedicates only 4% of its resources to vendor risk assurance. 48% of executives responsible for auditing view their organization’s oversight of third-party relationships as ad-hoc, weak, or nonexistent. Only 9% describe their vendor monitoring process as strong. 60% of audit executives say that internal audit rarely or never provides assurance on management information sent to the board.