Enterprise governance, risk, and compliance, often known as GRC for short, is turning out to be a crucial focus for enterprise leaders. But it's unfortunately not an area where most organizations are up to speed.
Various reports cite the typical GRC effort in many enterprises as either one-sided, relegated to a specific department, or having a cock-eyed perspective.
Let's break that down: A recent report from Hypatia Research LLC states that the meaning of GRC is changing, thanks to a host of new regulatory requirements, along with often-conflicting needs within increasingly complex distributed organizations.
In the past, the functions within corporate GRC were often treated via disparate efforts -- regulatory compliance was the job of internal auditors, for instance, while IT handled security, according to Leslie Ament, Hypatia's VP, research and client advisory. Now, companies wishing to be more effective must look to a holistic approach that integrates these functions.
Adding to the challenge is the fact that companies looking to improve their GRC are turning to software, according to Hypatia. The available products range from IT-oriented ones based on data monitoring to business-side solutions centered on financial risk metrics.
How to get it all together? Choosing the right software for GRC is often tied to selecting outside help -- which can be a virtual minefield for unwary execs.
“While most consultancies offer both business and IT GRACS [governance, risk, compliance, and security] advisory services via discrete practice areas such as Risk, Audit, or IT Security, less than 30% of those evaluated actually walk the walk in offering clients integrated advisory services,” Ament noted in a prepared statement for another Hypatia report.
GRC also presents challenges when tackled internally. Experts have argued, for instance, about whether internal auditors are focused on the issues and measurements that will really deliver the information top management needs to make decisions about corporate risk.
Ultimately, the issue of GRC is one that each organization must put through its particular filter of needs and priorities. But it's certain that advances in the volume of data, the level of technology available, and the complexity of organizations and regulations will ensure they'll have a lot to consider in that task.
I'm not sure if GRC software could help a particular industry without other changes being put into place as well. But GRC represents the kind of integration across IT and business functions that experts tell us is so sorely needed these days.
That's a great perspective, Mary, on such an important topic. I truly like your suggestion of the need for a holistic view.
It seems as if many companies still view GRC in the limited scope, to reduce or eliminate any type of corporate claims, without viewing the inter-relationships of how an organization conducts its business, complies with laws, and meets the legal/ethical standards.
Your points on the effective use of technology to better meet the GRC demands are excellent.
I further believe that there are a number of companies that also take a limited view on the technology aspect, including the security of public/private information, protection of intellectual property, etc.
I think the following comment made by a contributor does buttress your point:
"Steven, it is clear to me that many organizations and executives still view risk management, or in its widest scope, GRC, as a cost to the business. Something that should or has to be done, as opposed to something that drives competitive advantage and business performance. You allude to the fact that GRC is something the enterprise can do without during a period of belt tightening - at Strategic Thought we believe the opposite - that risk management delivers competitive advantage and increased business performance. To give you a single, simple and clear example of what this means in ROI terms, we have helped a number of our customers reduce their total insurance costs from between 3%-8% using our enterprise software. It doesn't take too much extrapolation to understand how the magnitude of this type of cost saving is driving differentiation in the market for those companies willing to embrace change. This example is one of around 20 specific value propositions we offer customers in GRC."
To me that explains why Enterprises are lacking in GRC.
Focus on Reward side (the upside) of GRC is therefore where the hidden value is - the trick is in selecting a vendor that speaks such language.
So if, according to the report, enterprises are lagging in GRC, what would you say about the value proposition of GRC software?
Over the last 2-3 years we have seen massive recalls being made by the major auto industry. Do you think an effective GRC adoption would have minimized or even eliminated those recalls?
Indeed, and efforts need to be integrated and coordinated. If data is regulated, it must also be tightly controlled and secured. Some departments may want to use it for analytics, which brings other issues into the mix.
Bottom line? GRC has to emerge as a priority, not a loosely coupled task conducted among different divisions at different times.
Regulatory issues aren't just nuisances; they are strategic concerns for businesses, and companies need to design compliance into all their IT and business plans. Businesses can't treat compliance as a last-minute add-on.
The ThinkerNet does not reflect the views of TechWeb. The ThinkerNet is an informal means of communication to members and visitors of the Internet Evolution site. Individual authors are chosen by Internet Evolution to blog. Neither Internet Evolution nor TechWeb assume responsibility for comments, claims, or opinions made by authors and ThinkerNet bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.