Governance, Risk and Compliance Strategy Still a Priority Despite Business Challenges and Lack of Holistic Approach

Investment in Risk-Based Compliance Can Make GRC a Reality; SOX Efforts Pay Off


RESTON, VA--(Marketwire - November 26, 2007) - The lack of a single point of ownership and accountability seems to be a major roadblock to a successful Governance, Risk and Compliance (GRC) strategy, but an overwhelming majority of public company executives remain committed to implementing a GRC plan in the near future despite organizational challenges. Approva® Corporation, the leader in continuous controls monitoring and audit automation software, recently conducted a state of the GRC industry survey to examine public companies' perception of the three-lettered acronym that is gaining traction in the boardroom. More than 200 respondents from publicly traded companies responded to the Approva GRC survey. Respondents included internal and external auditors and IT, finance and compliance professionals, with nearly 60% representing companies with one billion or more in annual sales.

As expected, lack of executive ownership, limited coordination among functional groups and pallid funding remain problematic. However, the majority of those surveyed have a governance, risk and compliance plan in place.

"Battle-worn from the years of implementing Sarbanes-Oxley programs, compliance groups now understand how to make governance, risk and compliance a reality out of existing and future investments," said Prashanth "PV" Boccasam, CEO of Approva. "The majority of the respondents are using or plan to use commercial software to automate compliance efforts and realize the value of extending corporate investment towards a well governed risk management process. Enterprises are now starting to understand that good governance translates into good business."

Key Findings Include:

 --  56% have a GRC strategy in place, with 84% believing that governance,
     risk and compliance should be viewed holistically

 --  Nearly half are using or plan to use a commercial software solution
     to automate compliance efforts

 --  59% of respondents believe no single point of ownership and
     accountability to be the biggest challenge to implementing a GRC plan
     within their company

 --  82% of respondents believe that ease of use is a key factor in
     evaluating GRC software.

 --  The top five benefits from IT controls and compliance investments,
     according to survey respondents, are:

        -  successful audit results
        -  overall business process improvements
        -  reduced risk of fraud and mistakes
        -  reduced time spent monitoring and testing IT controls
        -  reduced time spent preparing for and supporting IT audit

"There needs to be a paradigm shift in how companies transform the benefits realized from their Sarbanes-Oxley investments to a more long term risk-based approach to governance and compliance," said Scott Mitchell, CEO, Open Compliance and Ethics Group (OCEG). "The first step towards employing a GRC strategy to drive business performance is to get the right people in the room to speak the same language, and that's the challenge most companies are currently dealing with."

"With more than five years of Sarbanes-Oxley compliance under our belts, public company CFOs have now learned how to effectively address regulatory requirements, obtain executive sponsorship for major initiatives and realize business benefits from controls," said Michael P. Cangemi, CEO of Financial Executives International (FEI), the professional association of choice for senior financial management and reporting best practices. "The next level in corporate governance is to align the CFO, CIO and CSO organizations to join hands as partners in GRC."

"The landscape is too complicated with too many silos," said Paul van Kessel, partner of Ernst & Young (E&Y). "Over the last five years, companies made huge progress in managing their financial and related IT risks. The focus is now on two related topics. First: decrease the cost of compliance by elimination, simplification, standardization and automation of controls and second: integration of the financial risk management frameworks and approaches with enterprise risk management and business improvement initiatives."

Available Experts

The following experts can discuss Approva's governance, risk and compliance survey, as well as provide commentary on the corporate environment surrounding GRC programs and initiatives:

-- Michael P. Cangemi, CEO of FEI, Approva Advisory Board Member, and Former Editor-In-Chief of the ISACA IS Control Journal

As president and CEO of FEI, the professional association of choice for senior-level corporate financial executives, Michael P. Cangemi oversees the organization's efforts to advance ethical and responsible financial management practices within corporations. As a noted author, speaker and business consultant in the areas of internal audit, audit management, information systems and accounting, Cangemi is an expert in the latest trends of concern for executives.

-- Scott Mitchell, President and CEO, Open Compliance and Ethics Group (OCEG)

As CEO of OCEG, Scott Mitchell is responsible for promoting OCEG's mission to help corporations implement and align their governance, risk and compliance management activities to drive business performance and promote integrity across the organization. As one of the foremost experts on governance, risk and compliance, Mitchell is helping to drive GRC program innovation.

-- Prashanth "PV" Boccasam, CEO of Approva

PV has an unrivaled appreciation for spotting the convergence of business and IT trends and conceiving how new technologies can be applied to address problems that are top priorities for C-Level executives, including governance, risk and compliance. With public company executives continuing to share their concerns and experiences, PV has proprietary insight into the future of the governance, risk and compliance space. For more on PV's point of view on GRC, visit Audit Trail.

-- Paul van Kessel, Partner and Global Leader for Ernst & Young's IT Risk and Advisory Services

As a Global Leader for Ernst & Young, Paul van Kessel is responsible for the delivery of a wide range of risk and advisory services designed to help enhance IT governance/risk management activities and improve IT processes of organizations. By working on Continuous Control Monitoring for almost 15 years, Van Kessel drives continuous innovation into the GRC solutions that Ernst & Young is providing to clients.

About Approva

Approva® Corporation is the industry-leading provider of governance, risk and compliance (GRC) software for continuous controls monitoring and audit automation. We enable business, finance, IT and audit professionals to automate controls across SAP, Oracle, JD Edwards, PeopleSoft and other legacy applications. Our products are a controls monitoring standard for a majority of the Big-4 audit firms. Global companies such as Bayer, DirecTV, Discovery Communications, First Advantage, Honeywell, P&G, Pratt & Whitney, Siemens and T-Mobile rely on Approva to reduce compliance risk, increase operational efficiency and flag exceptions to their business controls. Approva has certified integrations with Microsoft, Sun Microsystems, IBM and SAP to provide a holistic GRC solution. For more information, visit www.approva.net.

Editor's Note: For company news and other information, please log on to Approva's press room at www.approva.net/news.

Contact Information:

Matthew Langan, DBC Public Relations for Approva, 202.298.7600 x.219, matthew@dbcpr.com

Priya Ramesh, Approva, 703.956.8409, priya.ramesh@approva.net