GRC Needs Improvement
The term “governance risk management and compliance (GRC)” entered the business vernacular as a result of a specific need in the wake of the “most sweeping U.S. regulatory reform since the formation of the Securities and Exchange Commission.”
The post-Sarbanes need was for a more disciplined, efficient, effective, and, in most cases, centralized approach to managing these corporate functions.
The need still exists today: 73 percent of respondents to an Ernst & Young risk survey indicate that their enterprises maintain seven or more risk functions. Sixty-seven percent of these respondents report that they have overlapping coverage among two or more risk functions; additionally, half of the respondents acknowledge that there are gaps in their organization’s risk coverage.
That doesn’t sound terribly effective or efficient.
“Risk management functions within an organization often exist in silos that are disconnected from one another and the wider business strategy,” reports Gerry Dixon, Ernst & Young global risk leader. “As a result, risks identified in one area may not be communicated or recognized by another. Moreover, different areas within an organization may have different views on the severity or importance of certain risks.”
For a clearer view on the severity of “silo-ed GRC,” here are additional survey results.