Governance, Risk & Compliance

February 22, 2011

Five Predictions for Your 2011 Governance, Risk and Compliance Program

By TMCnet Special Guest
Chris Noell, Executive Vice President, Product Management, ANX


2010 was a difficult year for organizations looking to establish and maintain an effective governance, risk, and compliance (GRC) program. As we move further into 2011, the number of applicable regulations and standards will continue to increase, raising the importance of GRC for organizations that are looking to protect against security breaches. The following are five predictions for GRC programs in 2011.

Increased Focus on Risk Management Capabilities

Risk management finally surpasses compliance as the top GRC initiative in 2011. The majority of organizations have matured their compliance processes enough to move on to other objectives. As organizations mature their risk management capabilities, they will find that their compliance program has resulted in controls that not only meet regulatory requirements but also mitigate a significant degree of business risk.

Redistribution of Internal Resources

According to recent studies, risk and compliance functions spend the majority of their time on tactical administrative tasks. Studies show that as much as 62 percent of effort is spent on data collection versus 36 percent on analytics/risk mitigation, and two percent on other tasks. When tactical activities dominate a program, three main issues arise: audit fatigue, low-value outcomes, and a low level of executive participation. In 2011, organizations will reverse these percentages, with more focus on strategic activities, through enhanced GRC workflow capabilities, such as better delegation and definition of controls, and in some cases, GRC outtasking.

Self-Service for Better Efficiency

GRC staff, such as risk, compliance, internal audit, and security personnel, define the rules of the game and referee, but line managers execute the majority of GRC activity. In 2011, organizations will empower line managers with the technology and corporate-approved processes and content they need to plan and execute their own GRC initiatives, ultimately reducing the cost of GRC and blending it more seamlessly with the organization.

Organizations that adopt a decentralized approach in 2011 will see a number of advantages, including lower overhead costs, better adoption of the GRC philosophy as an integral part of corporate culture, and better transfer of GRC concepts and control knowledge to line management.

Increased Use of Contract/Vendor Management

As regulatory requirements increase, usage of cloud and SaaS technologies will grow and the number of obligations imposed by business partners will increase. Organizations using an enterprise-wide vendor risk management process and control library can expect to see an increased use of standard vendor assessments and of industry frameworks, such as UCF, BITS, and HyTrust.

SaaS Overtakes Software

Traditionally, organizations have implemented GRC using on-premise software solutions. This year, expect to see more new implementations leveraging a SaaS delivery model for GRC. In today’s economy, organizations want to take advantage of the lower operating costs, faster time to deploy, lower risk, and high flexibility of a SaaS model.

At the end of the day, 2011 will be an exciting year for GRC programs.

Chris Noell is responsible for managing ANX’s TruArx enterprise governance, risk, and compliance software-as-a-service solutions. He has more than 15 years of diverse experience handling issues associated with designing, implementing, and securing enterprise applications, databases, and networks. He can be contacted at [email protected]



Edited by Tammy Wolf