Centralizing Governance, Risk Management and Compliance

Michael Vizard

It seems like an inordinate amount of time is spent assessing potential risks these days rather than working on things that add actual value to the business.

One of the reasons for this is that a lot of companies have not adopted a centralized approach to managing governance, risk management and compliance (GRC). Instead, they take on each individual GRC task separately, even though that task may be redundant because it was already dealt with when the organization complied with some previous requirement.

Fortunately, companies such as OpenPages, CA and others are making more headway with integrated application platforms that make it easier to manage a company's entire GRC portfolio of issues.

For example, OpenPages just partnered with Network Frontiers, a company that has built a Unified Compliance Framework (UCF) database tracking the controls needed to comply with thousands of regulations. As it turns out, only about 2,500 unique controls are needed to comply with the vast majority of those regulations. Unfortunately, most companies take regulations on one at a time, so they often don't realize they are essentially building the same controls over and over again.

This lack of coordination over controls usually results in a huge waste of time for the IT staff, coupled with money wasted on consultants who are paid to help the IT staff develop the redundant controls.

This is the second time this week we've seen a vendor partner with Network Frontiers, so it's probably the case that UCF is well on its way to becoming an industry standard resource.

Given the huge amount of money spent on defending against the theoretical, it's nice to finally see a tool that makes a tangible difference: it not only makes the organization more secure, but does so in a way that can substantially reduce costs.

Sep 23, 2009 2:17 AM Kristen says:

I enjoyed your post thoroughly. It really makes you think about how we go about implementing risk management initiatives. 'Centralizing' your efforts is a good way of driving the point home. However, I'm a fan of referring to it as employing 'integrated' governance, risk management and compliance. I think it is more in line with the important point that these are areas of a business that should be built into the organization's culture.

Looking forward to your future posts!

Sep 23, 2009 3:08 AM PSI says:

Nice article about governance, risk management and compliance. Here they have said that centralizing GRC is very important to an organization. All companies should adopt the centralized approach to managing governance, risk management and compliance.

www.theGRCSummit.com www.gsmiweb.com

Sep 24, 2009 3:49 AM TH says:

Enjoyed the article on centralizing GRC solutions.

Another leader in the GRC space is Archer Technologies. They partnered with Network Frontiers about five months ago for a few of the very reasons you cited in your piece above: their customers are asking for help substantially trimming costs associated with GRC efforts, while still demanding broader coverage and visibility into potential gaps in regulatory compliance. See details here