GRC: The Cornerstone Of High-Performing Finance
CFOs today must think strategically. They must innovate. And they must work side-by-side with their fellow executives to keep their organization thriving in the face of new digital competition.
Yet despite this ever-expanding mandate, one responsibility remains a sacred trust for the finance function: a major stake in governance, risk, and compliance (GRC). Although the size of that stake varies by industry and company, more than two-thirds of finance executives consider optimizing risk and compliance management a top business goal, according to new research from Oxford Economics and SAP. In fact, 97% of the 1,500 finance executives we surveyed said finance has strong decision-making authority over risk monitoring and assessment at their company, and 93% said the same about ensuring compliance and enforcing policies.
It makes eminent sense that risk management should be foundational to finance. After all, what’s the point of investing resources to grow a business if at any moment an adverse event – whether internal or external – could wipe out your balance sheet or market cap? The CFOs we interviewed confirmed that when they report to the board of directors, GRC often takes center stage. “Enterprise risk management is first and foremost in their minds,” says Brian Stief, CFO of multinational Johnson Controls.
Finance leaders view risks more clearly
For this reason, a strong relationship between the finance function and GRC is a criterion for what we call “Finance Leadership” – a set of six finance practices that boost performance across the enterprise. For example, we found that finance leaders were almost twice as likely as non-leaders to report rising market share over the past year, and much less likely to struggle with cost control. It’s no coincidence that more than half of finance leaders described risk and compliance management at their organization as “very effective,” compared with only 38% of non-leaders. These companies encourage collaboration between their finance and GRC functions by ensuring that they can easily share standardized data and reporting, and that their business systems are integrated so they can communicate with each other.
Finance leaders also appear to have a clearer understanding of an increasingly widespread risk: cybercrime. As global ransomware attacks proliferate and data hacks threaten organizations of all types, cyber-risk management becomes a critical defense. Yet alarmingly, only 56% of our survey respondents named cybersecurity a top business risk facing their company in the next two years – suggesting a potential risk-management blind spot. Among finance leaders, awareness of cyber risk climbs significantly: Two-thirds cite it as a top risk to watch over the next two years.