GRC as a Catalyst for Business Change

Michael Vizard
Slide Show

The True Cost of Compliance

Survey reveals that doing the bare minimum is roughly the equivalent of an invitation to financial disaster.

Inertia is usually the single biggest obstacle most businesses encounter on a daily basis. Regardless of how much sense they make, certain processes are done the same way every day even though the reasons for why that is have been lost to antiquity.

What's interesting, however, is how many companies are finally re-evaluating their business processes not so much because they want to be more competitive, but because one or more new regulations have forced them to re-examine the way the company operates.

All too often, however, that process fails to result in any meaningful change because it's usually an effort that is driven from the top of the organization. The sad truth is that most senior executives don't have a lot of visibility into the processes that actually make the business work. What's required, says Alex Bender, director of security management and compliance marketing programs for the RSA Security Division of EMC, is an approach to re-engineering business processes that is driven from both the top and the bottom.

To help make that happen, EMC this week released an update to its governance, risk management and compliance (GRC) framework that includes more collaboration capabilities. The reality is that it's hard to keep momentum while driving major process changes over a span of months. EMC has upgraded the statistical analysis capabilities of its RSA Archer eGRC platform because, adds Bender, there really is no substitute for facts when trying to drive major organizational change.

Nobody is particularly in love with compliance, especially when it involves change that is being imposed from outside the organization. Compliance creates an opportunity to improve the condition of the business. The challenge is finding a way to not only figure out what to change, but, more importantly, how to make those changes stick.

Add Comment      Leave a comment on this blog post
May 31, 2012 4:32 AM Christian Weichelt Christian Weichelt  says:

Mike, thanks for bringing up this topic. You're right, hardly anyone is in love with compliance, but you name it, too: it offers great opportunities for business improvement. We see this a lot that regulation forces IT organizations to break up old structures and re-think governance - resulting in more transparency and efficiency as well as less cost and risk on the long run. We have put some of these thoughts together on the Anti-Fraud Network in "Increased Regulation: Burden or Opportunity?":


Post a comment





(Maximum characters: 1200). You have 1200 characters left.




Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.