Over 260 organizations across 15 industries were surveyed by MetricStream Research to evaluate key trends in policy management
November 29, 2017 | Palo Alto, California: MetricStream, the independent market leader in Governance, Risk, and Compliance (GRC) Apps and Solutions, today announced the results of its latest survey, “What Makes an Effective Policy Management Program?” The survey evaluated 260+ organizations across 15 industries to understand the ways in which organizations create, manage, and communicate policies, the challenges they face, and the types of tools and technologies used to support policy management.
A recent surge in corporate governance scandals—including sexual harassment and money laundering allegations at various companies—underscore the importance of robust policy management programs to keep errant behaviors in check. Many organizations have written policies in place, but much more is required to ensure that those policies are adhered to across the enterprise. To build a pervasive culture of ethics and risk-intelligent behavior, organizations need to ensure that their policies are communicated effectively, and updated regularly in line with regulatory and business changes. Moreover, policy compliance and violations need to be tracked on an ongoing basis and addressed proactively.
Against this backdrop, MetricStream Research surveyed organizations across five key areas: policy management challenges, policy management program structure, policy communication and training, managing policy exceptions, and the technology used to manage policies.
Key findings from this research include:
- The majority of organizations (55%) are unaware of policy violations that may have occurred
- While only 24% of organizations use policy management software, the benefits they enjoy are significant. Of these organizations:
- 21% take less than a month to develop and publish a policy from scratch
- 70% do not consider it challenging to author and distribute policies, or provide training
- 60% encountered less than 50 policy violations in the last year
- 80% of organizations using policy management software on a GRC platform take less than 3 months to author and publish policies, compared to only 55% of organizations using pure-play policy management software
- 42% of organizations that require employees to attest to certain policies encountered less than 50 policy violations.
- 59% of organizations that have mapped their policies to risks and compliance requirements do not consider it challenging to update polices as regulations evolve.
- The majority of organizations that use standardized policy templates (62%) take less than a quarter to develop and roll out a new policy.
“Our survey findings indicate that an integrated and consistent approach to policy management can yield significant benefits,” remarked French Caldwell, Chief Evangelist, MetricStream. He continued, “Those surveyed who have mapped policies to risk and compliance requirements, have integrated training into policy management programs, or are using policy management software on a GRC platform are able to create and communicate policies faster, update them effectively, and minimize compliance violations.”
To access the report, click here.
MetricStream, the independent market leader in enterprise and cloud applications for Governance, Risk, Compliance (GRC) and Quality Management, makes GRC simple. MetricStream apps improve business performance by strengthening risk management, corporate governance, regulatory compliance, vendor governance, and quality management for hundreds of thousands of users in dozens of industries, including Financial Services, Healthcare, Life Sciences, Energy and Utilities, Food, Retail, CPG, Government, Hi-Tech and Manufacturing. MetricStream is headquartered in Palo Alto, California, with an operations and R&D center in Bangalore, India, and sales and operations support in 12 other cities globally.
US: +1 (925) 451-1468