Thursday, September 07, 2006
GRC Emerges From the Shadow of Compliance
Over the years, each new compliance requirement has sent most companies scrambling to meet it, with the most visible (and, some would say, most painful) example being Sarbanes-Oxley (SOX) compliance. In time, panic was replaced by rational thought and a workable plan for meeting the legal and regulatory requirements while streamlining business processes and mitigating risk.
With such intense focus on short-term concerns, companies sometimes miss the real long-range objective: a better-managed and optimally performing organization.
Emergence of GRC as discipline and software category
Governance, risk management, and compliance (GRC) as a term has been bandied about for a few years. AMR Research defines each component of GRC as follows:
* Governance is the oversight role and part and parcel of setting strategic objectives.
* Risk management evaluates all relevant business and regulatory risks and controls and monitors mitigation actions in a structured way.
* Compliance is the execution of these objectives, based on risk tolerance.
posted by Brian Moran @ 8:35 AM