{"id":12231,"date":"2011-12-13T14:01:31","date_gmt":"2011-12-13T13:01:31","guid":{"rendered":"http:\/\/timoelliott.com\/blog\/?p=3611"},"modified":"2011-12-13T14:01:31","modified_gmt":"2011-12-13T13:01:31","slug":"are-you-in-denial-about-governance-risk-and-compliance","status":"publish","type":"post","link":"https:\/\/timoelliott.com\/blog\/2011\/12\/are-you-in-denial-about-governance-risk-and-compliance.html","title":{"rendered":"Are You in Denial About Governance, Risk, and Compliance?"},"content":{"rendered":"<p><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" style=\"background-image: none; padding-left: 0px; padding-right: 0px; display: inline; padding-top: 0px; border-width: 0px;\" title=\"ostrich-head-in-sand-banner\" src=\"https:\/\/i0.wp.com\/timoelliott.com\/blog\/wp-content\/uploads\/2011\/12\/ostrich-head-in-sand-banner.jpg?resize=690%2C313&#038;ssl=1\" alt=\"ostrich-head-in-sand-banner\" width=\"690\" height=\"313\" border=\"0\" \/><\/p>\n<p>In a <a href=\"https:\/\/timoelliott.com\/blog\/2011\/12\/survey-everybody-uses-data-better-than-their-competitors.html\" target=\"_blank\">previous post<\/a>, I talked about the \u201c<a href=\"http:\/\/en.wikipedia.org\/wiki\/Illusory_superiority\" target=\"_blank\">illusory superiority<\/a>\u201d effect, and how it blinds people to the fact that, on average, it\u2019s unlikely that they use data better than their competitors.<\/p>\n<p>Guess what? It turns out that it applies to governance, risk, and compliance, too. 
Here are some figures from another Economist Intelligence Unit Survey, \u201c<a href=\"http:\/\/www.sapgrctour.com\/resources\/Ascending_the_Maturity_Curve.pdf\" target=\"_blank\">Ascending the Maturity Curve, Effective Management of Enterprise Risk and Compliance<\/a>\u201d:<\/p>\n<p><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" style=\"background-image: none; padding-left: 0px; padding-right: 0px; display: inline; padding-top: 0px; border-width: 0px;\" title=\"risk_compared_to_competitors\" src=\"https:\/\/i0.wp.com\/timoelliott.com\/blog\/wp-content\/uploads\/2011\/12\/risk_compared_to_competitors.jpg?resize=690%2C355&#038;ssl=1\" alt=\"risk_compared_to_competitors\" width=\"690\" height=\"355\" border=\"0\" \/><\/p>\n<p>We can see that of those who haven\u2019t experienced failures, only 1% believe that they are worse than average \u2013 and even among companies that have experienced failures, fully 87% believe that they are at least as good as their peers.\u00a0 Unless the Economist has stumbled across a particularly great group of companies to study, it seems clear that most organizations are overestimating the quality of their GRC practices, and hence underestimating the real risks they are running\u2026<\/p>\n<p>There\u2019s also data in the report that seems to indicate that the finance function is the most likely to be blindsided \u2013 as you can see in the chart below, they are far more likely to say that there was no significant risk or compliance failure in the past three years. 
Since this is not a group known for their exuberant optimism, it\u2019s likely that they simply didn\u2019t know about the risks run by the other teams\u2026<\/p>\n<p><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" style=\"background-image: none; padding-left: 0px; padding-right: 0px; display: inline; padding-top: 0px; border-width: 0px;\" title=\"riskbyfunction\" src=\"https:\/\/i0.wp.com\/timoelliott.com\/blog\/wp-content\/uploads\/2011\/12\/riskbyfunction.png?resize=690%2C245&#038;ssl=1\" alt=\"riskbyfunction\" width=\"690\" height=\"245\" border=\"0\" \/><\/p>\n<p>In conclusion, if you\u2019re in the finance function, and responsible for your GRC practices, it\u2019s likely that you should be investing more than you are today. For more information, check out <a href=\"http:\/\/www.sap.com\/solutions\/sapbusinessobjects\/large\/governance-risk-compliance\/index.epx\" target=\"_blank\">SAP&#8217;s GRC products<\/a>, and Norman Marks&#8217;s blog on <a href=\"http:\/\/normanmarks.wordpress.com\/\" target=\"_blank\">Governance, Risk Management, and Internal Audit<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Less than 13% of companies surveyed believe that their GRC practices are worse than those of their competitors&#8230; Are you in denial, 
too?<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[2],"tags":[213,281,419,427,537,544,891,911,1068],"class_list":["post-12231","post","type-post","status-publish","format-standard","hentry","category-best-practice","tag-businessobjects","tag-compliance","tag-economist-intelligence-unit","tag-eiu","tag-governance","tag-grc","tag-risk","tag-sap","tag-the-economist"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p3X9RF-3bh","_links":{"self":[{"href":"https:\/\/timoelliott.com\/blog\/wp-json\/wp\/v2\/posts\/12231","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/timoelliott.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/timoelliott.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/timoelliott.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/timoelliott.com\/blog\/wp-json\/wp\/v2\/comments?post=12231"}],"version-history":[{"count":0,"href":"https:\/\/timoelliott.com\/blog\/wp-json\/wp\/v2\/posts\/12231\/revisions"}],"wp:attachment":[{"href":"https:\/\/timoelliott.com\/blog\/wp-json\/wp\/v2\/media?parent=12231"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/timoelliott.com\/blog\/wp-json\/wp\/v2\/categories?post=
12231"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/timoelliott.com\/blog\/wp-json\/wp\/v2\/tags?post=12231"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}