“In the wake of several well-publicized corporate scandals about 15 years ago – Enron and WorldCom, to name two – and the passage of the Sarbanes-Oxley Act in 2002, organizations that must adhere to regulations for data security, financial accountability and consumer privacy can’t do without someone making sure internal processes are being carried out properly. Enter the need for competent governance, risk and compliance (GRC) professionals.” -Kim Lindros and Ed Tittel, CIO

A recent article by Henner Schliebs highlighted the discrepancies between the priorities of top executives in governance, risk, and compliance (GRC) and the actual operations of their organizations. Only 1 in 10 of the more than 1000 respondents surveyed in research conducted by SAP with Loudhouse Research were satisfied with the GRC policies and enforcement that were in place. The same percentage thought that GRC was integrated across the organization, with managers sharing a balanced view and looking at common metrics across all projects and procedures, which means over 900 organizations did not have GRC embedded!

This puts these organizations at severe risk during audits and reviews by their regulatory agencies, and the penalties are severe, including financial and criminal penalties and the loss of public confidence in the operations of these organizations. Yet over 65% of the respondents couldn’t quantify or qualify their current risk exposure.