As in previous years, we recently brought together industry thought leaders to get their insight on what to expect in the year ahead for governance, risk, and compliance (GRC).
Scott Cogan, senior vice president at SAI360; Bill Pennington, vice president of research of risk at Verdantix; Vicki Wright, regional director APAC at SAI360; and Nathan Parker, a GRC researcher, came together for the "GRC: Key Trends and Predictions for 2024 and Beyond" webinar to share their thoughts.
The panelists felt a holistic, multi-faceted approach to risk in 2024 will be critical. They also stressed that GRC professionals need to focus more on driving operational resilience, embracing integrated GRC solutions, prioritizing cybersecurity and data governance, addressing Environmental, Social, and Governance (ESG) and third-party risks, strategically leveraging technology, and keeping a close watch on new regulatory changes in the coming year.
Five GRC Predictions
1. Operational Resilience Will Take Center Stage
Operational resilience has gained prominence, moving from a traditional control focus to a strategic function. Organizations are recognizing the importance of understanding their entire value chain, identifying vulnerabilities, and developing robust resilience strategies. This shift demands a holistic view of risks and emphasizes the need for integrated approaches to manage them.
2. Expect Increased Demand for Integrated GRC Solutions
The complexity of the GRC landscape is driving demand for integrated solutions that can consolidate various risk management processes. These solutions are expected to provide a unified view of risks, thereby enhancing the efficiency and effectiveness of risk management practices. The key is to choose technology that aligns with your organization’s specific needs while complementing your already-implemented processes.
3. Anticipate Heightened Focus on Cybersecurity and Data Governance Alike
Cybersecurity remains a top concern. Regulatory bodies like the SEC are intensifying the enforcement of cybersecurity reporting requirements. Meanwhile, the governance of data, particularly regarding transparency and control, is becoming top-of-mind for GRC professionals. Organizations must adopt stringent, now-or-never cybersecurity measures and establish robust data governance frameworks to stay compliant and secure.
4. GRC Professionals Will Continue Expanding on Their Current ESG and Third-Party Risk Management Efforts
ESG considerations are becoming increasingly significant and central to GRC practices. In parallel, managing third-party risks—especially those related to supply chains and geopolitical factors—will remain a top priority. This trend highlights the need for comprehensive risk assessments that encompass ESG factors and third-party dependencies.
5. Technology Will Serve Not as a Response to Change but as a Strategic Enabler
In the near term, technology is expected to play a more strategic role in GRC. However, organizations are cautioned against viewing technology as a one-stop-shop, cure-all solution. The successful implementation of technology in GRC practices requires a careful assessment of organizational processes and goals. It is vital to ensure technology adoption is driven by the need to enhance risk management capabilities and not leveraged as a knee-jerk response to market trends.
Watch SAI360’s full webinar: GRC: Key Trends and Predictions for 2024 and Beyond.