
Trends in Governance, Risk Management and Compliance



With the Economy Stabilizing, Corporate Boards Look to Improve Enterprise Risk Management Initiatives and Verify them with Quantifiable Metrics

Steve McGraw
CEO
SAI Global Compliance

Topping the list, corporate boards will shift their focus from survivability to implementing and enhancing corporate risk management programs.  With the brunt of the economic storm currently abated, corporate boards are revisiting enterprise risk management initiatives and validating those improvements with quantifiable measures. 

Boards of Directors Returning to Risk Management: Boards are now picking up where they left off in 2007, before the economic collapse, focusing on managing and improving the business, rather than being consumed by keeping it above water.  While the economic storm has abated, progressive organizations are still keeping a watchful eye on financial uncertainty and boards are driving initiatives to ensure that their ERM processes are rock solid and backed up by quantitative data.       

Measuring the Effectiveness of Compliance Programs: With expanded regulations going into effect across various industries, organizations must not only show that they have a compliance program in place, but also demonstrate that it is actually working. Regulatory scrutiny of compliance programs is shifting from a focus on policies, procedures and retrospective audits to proactive measures of effectiveness and hard results. This year, organizations will seek to implement robust measurement programs to report on and demonstrate the effectiveness of their compliance programs.

Increasing Focus on Third-Party Risk Management: In an effort to be more cost-effective, companies have outsourced business functions to third parties. But alongside the economic benefits, these companies must also contend with the potential for increased risk. While they can outsource many tasks, they can’t outsource responsibility, accountability and liability. The year ahead will see many companies adopting strict policies for better visibility and control over the supply chain and outsourced processes – proactively identifying potential risks, verifying that business partners are compliant, monitoring for changes that might create new risks and managing the remediation of incidents.

Convergence of Compliance and Audit as Integrated Processes: As we start 2011, the convergence of compliance and internal audit is becoming the rule rather than the exception. Very few organizations are investing in internal audit solutions without considering the inherent links and overlaps with their compliance programs. One without the other, or each implemented in disparate silos, creates the possibility of blind spots. This line of thinking follows the “cockroach theory”: in the same way that seeing one cockroach in a restaurant is usually an indicator that many more remain unseen, one gap in a compliance program can have the same impact with regulators and cause them to look even closer into an organization. Forward-thinking companies realize that their internal audit and compliance programs can complement one another and help protect the business for the long haul.

Continued Emergence of GRC in the Cloud:  While there has been an acceleration of the cloud-based movement for the past several years, this is still a relatively new phenomenon in GRC.  As the industry matures, buyers are increasingly seeking GRC systems that are interconnected with leading providers of legal and regulatory content, to create a single, unified solution.  Cloud-based systems are ideally suited to providing freedom of choice to the legal and regulatory content appropriate for each organization.  The cloud will also be increasingly used to streamline processes and reduce overhead by integrating additional services and providing access for third-party auditors.  2011 will see a significant rise in organizations managing their GRC functions in the cloud as they seek these benefits.

Compliance 360 ranked as the fastest growing GRC software vendor in Inc. Magazine’s 2010 list of America’s fastest growing private companies and is a leading provider of enterprise governance, risk management, compliance and audit management solutions for companies that operate in regulated industries.  With these solutions, organizations reduce risks, improve efficiencies and protect their brands using a single platform to address their comprehensive GRC requirements.  The Compliance 360 Software-as-a-Service (SaaS) solution suite helps organizations address policies and procedures management, regulatory compliance management, internal and external audits, third party risk and vendor management, contract management, incident management, fraud, waste & abuse, surveys, accreditation, enterprise risk management and IT governance.  Compliance 360 is headquartered in Atlanta and assists more than 225,000 users every day in a variety of complex, regulated business environments, including healthcare, insurance, financial services and others.







