Top 5 GRC Trends for 2024: Insights from SAI360 and Industry Experts

Mar 4, 2024

In the fast-changing business world, 2024 will be a pivotal year for Governance, Risk, and Compliance (GRC) experts, bringing significant changes. GRC professionals must remain agile, strategically aligned, and technologically advanced. SAI360, joined by GRC specialists from Verdantix, regional leaders, and industry analysts, predicts key GRC trends for 2024.

Key GRC Trends for 2024

governance risk compliance trends 1. OPERATIONAL RESILIENCE WILL TAKE CENTER STAGE

Operational resilience is predicted to be a primary focus in 2024. Said Bill Pennington, vice president of research of risk at Verdantix, “Risk is starting to move away from being really a traditional control function and also becoming a bit more of a strategic function of organizations.”

This shift underscores the importance of understanding and managing the full scope of operational risks to ensure business continuity and adaptability in the face of challenges.

2. EXPECT INCREASED DEMAND FOR INTEGRATED GRC SOLUTIONS

Overall demand levels for integrated GRC solutions are expected to rise significantly.

As Bill Pennington noted, “Risk can’t exist in a silo anymore, and risk impacts your organization across multiple different business units.”

This trend reflects the need for a unified platform that consolidates various GRC processes, allowing for more efficient and comprehensive risk management.

3. ANTICIPATE HEIGHTENED FOCUS ON CYBERSECURITY AND DATA GOVERNANCE

Cybersecurity and data governance are anticipated to receive heightened attention. Said SAI360’s Scott Cogan senior vice president and go-to-market leader, “The ongoing global conflicts, the fear of recession, ever-present threat of cyber attacks, have caused businesses to constantly re-evaluate their risk profiles and resilience strategies.”

This prediction highlights the need for robust cybersecurity measures and effective data governance to protect against evolving digital threats and ensure regulatory compliance.

Significant data breaches are now commonplace, potentially affecting millions of customers in the mere blink of an eye. According to Vicki Wright, GRC technology director and SAI360’s regional director APAC, regulations are picking up around the world in response.

For example, there is now an increasing emphasis on data security and regulatory compliance in the Asia-Pacific financial sector, Vicki explained.

“Other organizations outside of banks and financial institutions are also paying attention” to new regulations aimed at enhancing operational resilience and risk management, she stated.

4. GRC PROFESSIONALS WILL CONTINUE EXPANDING ON THEIR CURRENT ESG AND THIRD-PARTY RISK MANAGEMENT EFFORTS

Expansion of efforts in ESG and third-party risk management by GRC professionals is expected to continue.

GRC researcher, Nathan Parker, commented, “The interconnectedness and complexity of risk both from the types of risks as well as where those risks are stemming from like new technologies and third-party vendors.”

“There aren’t really separate regulations for third-party risks. They’re all being grouped up into one holistic view, and companies are expected to have that holistic view and treat all technologies, and all third parties as the same as if they were under one roof,” Nathan explained.

A key focus moving forward will be the extent organizations can respond to the increasing importance of ESG factors and the complexities introduced by extensive third-party networks in business operations.

5. TECHNOLOGY WILL SERVE NOT AS A RESPONSE TO CHANGE BUT AS A STRATEGIC ENABLER

Technology is predicted to transition from being a reactive solution to a strategic enabler.

As Bill Pennington asserted, “A lot of organizations will potentially go about it incorrectly, and leverage technology as a silver bullet without evaluating their processes and without undertaking strong change management processes.”

“We need a new solution,” Bill concluded, underlining the need for technology to be integrated thoughtfully within GRC strategies. And enhancing—rather than merely responding to—organizational changes.