Gartner says the increase will be largely driven by assurance leaders needing tools to keep pace with growing regulatory attention on executive risk oversight and monitoring.
Gartner predicts that legal and compliance departments will increase their investment in governance, risk, and compliance (GRC) tools by 50% by 2026. This increase is driven by the need for assurance leaders to have the necessary tools to improve their processes around external reporting and officer conduct, in light of increasing regulatory attention on executive risk oversight and monitoring.
The U.S. Securities and Exchange Commission (SEC) and the U.S. Department of Justice (DOJ) have both signaled a focus on executive risk oversight and monitoring. The DOJ, for example, is encouraging companies to voluntarily disclose misconduct, but firms can only do so if they have effective compliance programs and risk management strategies in place that leverage controls to prevent and detect misconduct.
Without effective self-discovery, companies risk being subject to criminal prosecution, and officers and directors may be subject to shareholder derivative litigation for failing to fulfill their duty of oversight. Legal and compliance leaders need to ensure that they are empowered to capture and elevate the right information to management and the board, take the appropriate action, and maintain documentation related to these processes.
GRC tools help compliance, enterprise risk management (ERM), and other assurance teams build a more holistic understanding of risks by integrating and consolidating risk and compliance data, as well as processes and terminologies. These tools can assist assurance teams in evaluating and modifying compliance programs in near-real time, pressure-testing system operations, and improving oversight processes.
Legal and compliance leaders may want to focus on these three initial areas due to the recent regulatory actions:
Leveraging risk management methodologies to verify control effectiveness
Legal and compliance leaders should consolidate existing risk management methodologies from their partners in assurance, ERM, and audit to predict or detect misconduct and validate the effectiveness of controls.
Analyzing the impact of changing expectations on board and officer oversight
Organizations need to establish effective oversight processes for both boards and officers, and legal and compliance leaders should build a comprehensive view of controls and procedures, clarify officers’ roles and responsibilities, improve compensation structures, and establish clawback policies.
Renewing and raising compliance and governance standards
Compliance leaders should update policies and procedures in response to regulatory changes and prioritize testing the effectiveness of policy changes by measuring whether employees understand their obligations with respect to both business conduct and reporting misconduct. Compliance leaders should also conduct role-based refresher training with a focus on ensuring understanding, by including gamification and scenario-based role play and by improving two-way communication in the learning process.