Friday, August 24, 2007

GRC Technology Ecosystem

When I was a Chief Compliance Officer, I spoke frequently with our CIO about technology needs, probably because prior to my compliance career I spent many years in information technology. During those years in IT, I had seen technologies come and go, some adding great value and others, well, never going much further than the software filing cabinet.

I am a firm believer in keeping things simple for many reasons – people come and go, cost of maintenance, ease of use, consistency, adaptability to changing business needs, training demands and several others.

The discussions I mentioned with our CIO went something like this:

CIO: I need you to help me understand the technology needs for compliance. It seems like we have a lot of different technologies being used for similar things but we still don’t have many capabilities that are being requested of IT.

ME: Sure, I totally agree. It’s like, how many systems does it take to track incidents, log and assess risks, manage policies and procedures, etc.?

CIO: I want to define a GRC technology platform that supports the different user needs in a consistent manner. This would greatly reduce the user change requests to the various duplicated systems and provide the missing functionality we need. It seems like we just keep adding more point solutions and I don’t have the resources to keep them all going.

ME: I agree. We should be able to define and implement a GRC technology platform to support the standard GRC process requirements. Then as specific needs arise, we can address them collectively with targeted shared solutions.

CIO: Yes, that is exactly the environment I am looking for.


Organize your Ecosystem

If you can relate to the GRC technology discussion above, you might want to keep tabs on the work of the Open Compliance and Ethics Group (OCEG) and Michael Rasmussen - Vice President, Governance, Risk, and Compliance Research, Forrester.

Michael provides insightful information on GRC topics as well as some new work he is doing on Defining the GRC Technology Ecosystem.


Taking the next step

Axentis provides the GRC technology ecosystem for federated GRC, and an ideal starting place is to include GRC in your strategic planning and budgeting. However, an alternative is to start with a focus on a specific area with an eye towards the broader GRC. Take a look at the recent Axentis paper mentioned in my previous post, Win As You Go: A Phased Approach to Implementing Enterprise GRC, to see how this approach could provide the help you need, and share your thoughts.
