The True Cost of Compliance
Survey reveals that doing the bare minimum is roughly the equivalent of an invitation to financial disaster.
One of the theoretical benefits of governance, risk management and compliance (GRC) has always been that by implementing controls and governance mechanisms, the business would run better because of the increased transparency brought on by compliance.
But there is a significant gap between collecting data and actually making it usable. Version 6.0 of the OpenPages GRC platform, which IBM acquired last year, is a significant step toward closing that gap: it tightens the integration between OpenPages and the business intelligence (BI) software from Cognos, which IBM also acquired back in 2007.
OpenPages and Cognos were partners before IBM swallowed them up. But the new release should make it easier to convince business executives that compliance investments can deliver a return, rather than being something bought just to check off a regulatory box, says Gordon Burnes, vice president of marketing for OpenPages.
The real potential, says Burnes, comes from all the data that compliance controls capture about the business, which can be fed back to a BI application to give business executives real-time insight into changing business conditions and IT circumstances. The challenge is deploying compliance controls in a way that makes the gathering of that information continuous, rather than an event that occurs when there is an audit, Burnes adds.
Clearly, the convergence of compliance and BI could become just another area where people try to "boil the ocean." Burnes recommends that in the face of pending legislation such as the Dodd-Frank bill before Congress, customers should start with a few areas that are crucial to the business and, once successful, expand from there. It's only a matter of time before companies will have to meld compliance and BI, so the time to get started is now, he adds.
In the meantime, the best thing might be to start simply and introduce the compliance and BI teams within your organization. They come from worlds apart inside any organization, so getting them all on the same page is the first critical step in what is sure to be an extended journey.