Governance: Today’s Solutions Go Underutilized

By Dick Weisinger

GRC refers to an organization’s global approach to Governance, Risk Management and Compliance. But GRC is much more than this relatively simple definition. Paul Proctor, analyst at Gartner, writes that, “when it comes to GRC technologies we have to define some boundaries or essentially GRC is everything and everything is GRC.”

GRC has additional categories that need to be considered.  A recent survey by the nonprofit Open Compliance and Ethics Group (OCEG) found the top 10 spending priorities for GRC are:

GRC Category   Percent of Respondents
 Risk Management   33%
 Compliance Management   30%
 Audit Management   23%
 Automated Controls   21%
 IT Risk and Security   21%
 Policy and Training Management   19%
 Business Continuity   12%
 Reporting and Disclosure   12%
 Third-party Management   10%
 Fraud and Corruption   10%

It’s often hard to keep up with the requirements. Osterman Research reports that US Federal agencies, for example, publish 14.7 final rules and 9.4 proposed rules every work day.

The OCEG report also found that half of organizations said that the GRC technology that they deployed is under used.

Michael Rasmussen, Chief GRC Pundit at GRC, said that “this is likely due to the siloed nature of technology usage…  The majority of GRC solutions being used are stand-alone department or issue-focused solutions which comports with earlier finding that less than 20% of spend is on enterprise technology that spans across departments in the organization.”

Carole Switzer, OCEG President, said that “one of the most striking findings is that the 70% of survey respondents recognize that the GRC technology currently deployed in their organizations does not meet their current needs, and this has led to two-thirds planning to increase their spend on GRC technologies to improve their use in the near future.”

Another interesting fact is that much of the technology that is being used to manage GRC is ad hoc or not sophisticated.  Slightly more than half of organizations simply use spreadsheets, emails and office documents.  17 percent of organizations use custom-built software, and 30 percent are using commercial GRC-specific applications.

 
