Excellent governance, risk, and compliance (GRC) is a common aspiration, but how often is it a reality? For most companies, GRC is still a work in progress, according to McKinsey’s 2025 Global GRC Benchmarking Survey. Despite attempts to broaden expertise at senior levels, corporate leaders have indicated a “need for improvement” across various aspects of all three GRC pillars.
Common pain points include limited tech enablement, insufficient oversight resources, and the challenges posed by a shifting regulatory landscape. The survey of 193 corporate leaders provides valuable insights into GRC maturity worldwide and highlights strategies used by some companies to enhance their capabilities.
Key Insights
- 50% of companies have established a strategic board framework, using subcommittees to manage operations.
- Organisations often delegate risk and compliance responsibilities, affecting GRC maturity levels.
- Insurance is the only industry to rate its risk maturity as ‘good’ with an average score of 3.2.
- Compliance management across industries shows a need for improvement with an average score of 2.9 out of 4.0.
- Larger companies generally report higher GRC maturity than smaller firms.
Why should I read this?
If you’re interested in how companies can enhance their governance, risk, and compliance strategies, this article is a must-read! It sheds light on the widespread challenges businesses face and offers insights into practical measures that can be taken to improve GRC maturity across various industries. Don’t miss out on the chance to understand where your organisation might stand in this crucial area!