You may have read the recent news release from AMR Research on their study showing that companies will spend more than $32B on governance, risk management and compliance (GRC) in 2008.
Besides the prediction of the 7.4% increase this year, there seems to be an increasing inclination to move from point-solution approaches such as those applied for SOX and other compliance mandates to more of an enterprise approach.
While this is good news for service and solution providers in this market, it has been my experience that an enterprise approach didn’t cost more; it actually cost less, produced better results, was easier to maintain and provided much greater value to the business.
Sure, the transformation takes time and effort and maybe even some outside help, but the biggest and most critical investment is in the mindset shift of the board, management and the workforce, who, by the way, take their lead from the leaders. Once you’ve decided it’s time, start, like a number of our customers, by creating a risk and compliance council that brings multiple organizational and domain views together to drive planning and execution and to provide enterprise guidance.
Also, you do not have to start all at once, but as I’ve said in several webcasts, “think big and implement small”, building credibility, creating momentum and establishing processes and technology approaches that can be leveraged into a consistent (but not necessarily homogeneous) enterprise implementation. My GRC colleague Michael Rasmussen at Corporate Integrity, LLC likes to use the term “federated” to further describe this approach.
The Open Compliance and Ethics Group (OCEG) also has a wealth of experience and resources that they continue to gather and organize to help companies move to the next level of GRC maturity. OCEG, Axentis and others continue evangelizing GRC because we see the good it has brought to companies as a long-term strategy that can bring quick results and improved performance.
Do you know what your company is investing in GRC this year? How much of the investment is contributing towards an enterprise approach?
Thursday, April 3, 2008
GRC Spending Forecast: 2008
Labels: compliance, Corporate Integrity, Governance, GRC, OCEG, Risk Management, Spending
2 comments:
Brett: Technology opens many new, creative ways for enterprises to comply with legal and ethical obligations. Compliance is about communication, and technology enables better communication. What do you think? --Ben
http://hack-igations.blogspot.com/2008/05/nix-smoking-gun-e-discovery.html
Ben: I agree with both the role of technology and communications with regards to "good" compliance. However, I would add that information that can drive business decisions and the automation of routine processes in a consistent manner is where technology can make the biggest impact.
Thanks for your comment. -- Brett