Is GRC an all or nothing proposition?

Friday, August 17, 2007
Posted in: Regulations

Senior research analyst Peter Williams of Bloor Research had a lot to say in his recent article posted at IT Analysis titled “Can unified governance deliver for the emerging GRC market?” I recently spoke with Peter about the current state of GRC. His article reflects some of the same ideas that we discussed. I think that we’re still in the very early stages of GRC, where most companies are looking at GRC projects rather than embarking on enterprise-wide solutions right out of the gate.

This is where GRC platforms that solve an immediate compliance problem at a departmental level or for a specific regulatory initiative are ideal. You can solve a problem relatively quickly without taxing your budget or your resources and use the same approach for more initiatives when you’re ready.

Here are some of Peter’s comments from his article that I think are worth considering:

“…be wary of very large consultancies anxious to work with enterprises on GRC and claiming multi-million dollar open-ended contracts are needed. Try asking them what they are offering to achieve ‘unified GRC’ or unified governance.”

“…even to get your (or my) head round everything involved in this is difficult—and different for each enterprise—so it is an even bigger ask to turn the theory into practice.”

“A unified approach involves bringing together the often separate corporate functions of risk and compliance management, security, business continuity (BC) and general business functions—and applying IT to it. To achieve it also involves a considerable internal culture shift.”

“…every business beyond the very smallest needs to be looking in the round at GRC / security / standards / policies and their implementation—unified governance—and its potential benefits.”

Peter concludes with the statement “nobody yet has a total answer—but watch the market grow.” From the Polivec perspective, as a GRC solution vendor, of course I want to see the market grow – and it is – but out where the rubber meets the road it all starts with solving one compliance initiative and another, and another until they fall like dominos.
