The U.S. Shutdown Puts GRC in the Spotlight

Government Shutdown GRCOrganizations in highly regulated industries received a momentary reprieve as the United States federal government entered shutdown. While some organizations may welcome the respite, the increased uncertainty that would accompany a lengthy hiatus could prove to be more harmful to unprepared organizations.

Federal regulatory agencies have announced large-scale reductions in activities and furloughs, cutting some to as little as 2% and 3% of pre-shutdown capacity (Figure 1). While a quick resolution in Congress would have minimal consequences, an extended shutdown (the last one lasted 21 days) would result in widespread cessation in oversight activities as agencies’ functional capacity approaches zero. With time, even agencies with sufficient funds to keep doors open temporarily will be reduced to minimal capacity, such as the Securities and Exchange Commission, which will need to furlough 91% of its workforce after a few weeks. Agencies retaining relatively robust reserves of “excepted” staff, such as the FDA, expect to make significant cutbacks in inspection and enforcement activities.

Figure 1: Expected Active Staff Retained in Shutdown

ShutdownPicture5

Source: Blue Hill Research, Data Drawn from Agency Projections, October 2013

An extended shutdown means a widespread drop in oversight and enforcement activity. This would be a sudden departure from the increased enforcement announced by agencies such as the Federal Trade Commission and the Securities and Exchange Commission in recent months. The absence of regulators could exacerbate the uncertainty introduced by the shutdown as organizations lose confidence in partners and markets. While excessive regulation slows business operations, a lack of oversight becomes an opportunity for some to engage in fraud or to cut corners. An extended regulatory hiatus could thus contribute a period of increased financial and operational risk.

The government shutdown will test the worth of Governance, Risk, and Compliance (GRC) officers.

Much of GRC stewardship involves preparing the organization for changes in its risk and compliance environments. However long it lasts, the federal shutdown will involve rapid shifts in risk and compliance priority. Organizations that were ramping up for increased regulatory oversight will need to pivot to focus on growing risks in their financial portfolios and supply chains. Once the shutdown ends and regulators return in force, the organization must pivot again, while still responding to lingering risks.

Organizations unprepared for contingencies will be unable to change gears as needs shift. Where risk and compliance functions remain segregated across functional departments, the unwieldiness of the organization will mean each pivot will come with wasted effort, confusion, and costs.

Successful GRC officers will have implemented integrated risk and compliance processes and controls that allow the organization to navigate these shifts with minimal disruption. In the first case, GRC initiatives will be revealed as the obstructions they are often perceived to be. GRC officers in unprepared organizations will face difficulty justifying their salaries and budgets. In the latter, GRC initiatives will be recognized as valued safeguards of business performance. That success will generate accolades for GRC officers, demonstrate ROI, and justify expanded programs

About David Houlihan, Esq.

David Houlihan researches enterprise risk management, compliance and policy management, and legal technology. He is an experienced advisor in legal and technology fields with a unique understanding of complex information environments and business legal needs.
Posted on by David Houlihan, Esq.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Latest Blog

Managing Today’s Mobile Projects - Part 1: An MMS Partner is Critical to Success GRC Implementation Success, Part 2: GRC’s Place in the Business GRC Implementation Success, Part 1: Implementation Success is GRC Success

Topics of Interest

Advanced Analytics

AI

Analytics

Anodot

Attunity

authentication

BI

Big Data

Blog

Business Intelligence

Cloud

Cognitive Computing

Corporate Payments

Data Management

Data Preparation

Data Wrangling

DataKitchen

DataOps

DataRobot

design

design thinking

Domo

Emerging Tech

enterprise applications

Enterprise Performance Management

enterprise video

fog computing

General Industry

GoodData

GRC

Hadoop World

Human Resources

IBM

IBM Interconnect

Iguazio

ILTACON

Informatica

Information Builders

innovation

Internet of Things

IoT

knowledge

legacy IT

Legal

Legal Tech

Log Data

Machine Learning

Managed Mobility Services

Microsoft

Mobile Managed Services

Mobility

Nexla

Order-to-Cash

passwords

Pentaho

Podcast

Predictive Analytics

Private Equity

Procure-to-Pay

Qubole

Questioning Authority

Recurring Revenue

Risk Management

ROI

Sales Enablement

Salesforce

Security

service desk

Social Media

Strata

Striim

Supply Chain Finance

Switchboard Software

Tableau

Talend

Tangoe

Telecom Expense Management

Time-to-Value

Trifacta

TWIDO

Unified Communications

usability

USER Applications

User Experience

User Interface

video platform

Virtualization

Visualization

Wearable Tech

Yellowfin