Aligning technology to governance, risk & compliance is proving to be difficult. Vendors often have divergent opinions on the role technology should play with regard to GRC. This leads to lack of consistent and clear message on how enterprises should deal with GRC matters while incorporating technology. Most of the companies are not in a position of coming up with an integrated strategy in solving GRC issues which will return their investments.
Managing access and segregation of duties requirements is a time consuming and cost intensive process that requires constant attention and is often overlooked or avoided. Many organisations do not even have a clear understanding of the extent of their access management issues, beyond those their internal and external auditors tell them about, year on year.
A key challenge facing the management is to reduce the cost of executing monitoring business process controls whilst increasing their effectiveness. Management needs to efficiently meet their compliance and business objectives by verifying that the controls are addressing the risks and operating effectively.