The whole governance, risk management and compliance (GRC) category started out pretty much as a response to a variety of financial scandals, starting with the Enron debacle in 2001 and moving all the way through to Bear Stearns and Bernie Madoff in 2008.
While many have claimed that GRC added little more than overhead to the business, it's fair to say that most businesses are better run today because of regulations than they were at the beginning of 2001.
Unfortunately, during the last decade GRC bifurcated into two distinct sets of disciplines. There were various GRC platforms focused on financial controls and a completely different set of tools for managing IT as it related to GRC.
But at the start of 2011, Scott Wisniewski, director of Risk Technologies at Protiviti, a global risk and business consulting company, says it's clear not only that these two different GRC disciplines are starting to converge, but also that GRC data is going to be used to proactively manage the business.
What most companies have begun to discover, says Wisniewski, is that you can't have a GRC event that doesn't involve IT. As a result, there is a bigger push to provide federated frameworks for GRC that will make it easier to tie an IT event to a specific financial risk and vice versa.
This "continuous" approach to GRC will also then create streams of data that can be fed into dashboards that business users will be able to access in order to proactively manage the business, says Wisniewski. Ultimately, that data will also be fed into a variety of analytics and business intelligence (BI) applications, which will automatically trigger specific actions and events once a certain business threshold is reached.
In effect, Wisniewski says that GRC is well on its way to becoming a business performance management tool. Of course, most companies still have a long way to go before they make the leap from trying to manage a myriad of GRC controls to actually proactively running the business based on the data those controls gather. But it's also plain to see how GRC, security, data management, systems management tools and BI software are about to converge into something that truly is greater than the sum of the parts.