We've written for months about the continuing trend away from a "fire drill approach" to compliance and toward an enterprise-wide approach that integrates governance and risk with compliance.
In a Techworld piece posted Friday, Informatica's Richard Jones emphasizes that the first step to achieving an enterprise approach to GRC is "having a strategy around data for GRC." Data that is cleansed, comprehensive and trustworthy is the key. Why? Jones says:
Data quality issues such as completeness, conformity, consistency, duplication, integrity, and accuracy plague every organisation today. Low quality data is introduced into systems via data capture processing errors, data migrations, and system consolidations. Companies must be confident in their data quality and have the right tools, people, and processes meeting the organisation's GRC goals.
Citing Forrester Research, Jones says that ignoring risk in your company results in what's called the "iceberg of risk," where the great majority of a company's risk is "underwater" -- that is, it isn't even on the radar. Where several risk factors occur simultaneously, the compounded risk to the company is far greater than the sum of the individual factors involved.