Sarbox surge: Spending on governance, risk, and compliance solutions makes “to-do list”

For the first time since AMR Research began conducting its governance, risk management, and compliance (GRC) survey in 2003, executives have shifted their GRC budget focus to operational and enterprise risk management—making Sarbox and other regulatory compliance programs a necessary "to-do," but not a top-of-mind initiative.

By Manufacturing Business Technology Staff March 26, 2008

Boston-based AMR Research says companies will spend more than $32B on governance, risk management, and compliance (GRC) in 2008—an increase of 7.4 percent over 2007. Spending on Sarbanes-Oxley (Sarbox) compliance is expected to grow only 2 percent to $6.2B.
For the first time since AMR Research began conducting this study in 2003, executives have shifted their GRC budget focus to operational and enterprise risk management—making Sarbox and other regulatory compliance programs a necessary “to-do,” but not a top-of-mind initiative. Of companies surveyed, 31 percent say better managing and mitigating risk in the business is the most influential issue driving their GRC investment in 2008.
“In this economic climate, companies can no longer focus solely on reactive spending to meet each new regulation,” explains John Hagerty, VP and research fellow, AMR. “As executives are becoming aware of how different business and IT risks affect the bottom line, their spending focus is shifting toward approaching risk strategically, not just tactically.”
For the last few years, GRC services numbers have been decreasing as companies streamlined compliance activities, but as risk rises in importance, companies want and need guidance on how to frame the risk discussion in a business context. Thus, GRC initiatives remain an intensely human effort. Two-thirds of budgets (approximately $21.5B) are earmarked for people-related expenses (services plus head count) in 2008.