GRC Chaos: The High Price of Audits and Non-Compliance

Organisations cited financial penalties (39%), security breaches (36%), and reputational damage (36%) as the top risks of poor compliance management

62% say their audit evidence-gathering process is at least occasionally error-prone.

Over half of organisations (54%) spend more than five hours each week on manual compliance tasks.

90% of organisations are concerned that poor collaboration between GRC and security teams is undermining audit preparation.

96% of organisations say it’s challenging to keep up with the growing number of industry regulations.

Only 29% of all organisations say their compliance programmes consistently meet internal and external standards.

On average, just 39% of the audit evidence process is automated.

92% of respondents rely on three or more tools to gather audit evidence.